Express Data Path

[3] The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user supplied eBPF program decide the fate of the packet.

[4] The eBPF program must pass a preverifier test[5] before being loaded, to avoid executing malicious code in kernel space.

The program is allowed to edit the packet data and, after the eBPF program returns, an action code determines what to do with the packet: XDP requires support in the NIC driver but, as not all drivers support it, it can fallback to a generic implementation, which performs the eBPF processing in the network stack, though with slower performance.

[6] XDP has infrastructure to offload the eBPF program to a network interface controller which supports it, reducing the CPU load.

As the socket can be used for both receiving and transmitting, it supports high performance network applications purely in user space.

Packet flow paths in the Linux kernel . XDP bypasses the networking stack and memory allocation for packet metadata .