gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
https://deaconn.net/
MIT License

not support native? #46

Closed rockingl closed 5 months ago

rockingl commented 9 months ago

Hi, this is my host info: `Linux ubuntu 6.2.0-36-generic #37~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 9 15:34:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux`

build successful!

But when I run xdpfw, this appears:

```
# sudo xdpfw --time 60
libbpf: elf: skipping unrecognized data section(7) .xdp_run_config
libbpf: elf: skipping unrecognized data section(8) xdp_metadata
libbpf: elf: skipping unrecognized data section(23) .eh_frame
libbpf: elf: skipping relo section(24) .rel.eh_frame for section(23) .eh_frame
libbpf: elf: skipping unrecognized data section(7) xdp_metadata
libbpf: elf: skipping unrecognized data section(7) xdp_metadata
libbpf: elf: skipping unrecognized data section(7) xdp_metadata
libbpf: elf: skipping unrecognized data section(7) xdp_metadata
libbpf: Kernel error message: Underlying driver does not support XDP in native mode
libxdp: Error attaching XDP program to ifindex 2: Operation not supported
libxdp: XDP mode not supported; try using SKB mode
Could not attach with mode DRV/native (Operation not supported) (95).
libbpf: elf: skipping unrecognized data section(7) xdp_metadata
libbpf: elf: skipping unrecognized data section(7) xdp_metadata
Loaded XDP program on mode SKB/generic.
```

ifconfig:

```
br-a4f7ea97f505: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 02:42:60:27:1f:b9  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 02:42:36:51:7a:4d  txqueuelen 0  (Ethernet)
        RX packets 332160  bytes 13680273 (13.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 574919  bytes 1747954660 (1.7 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.186.131  netmask 255.255.255.0  broadcast 192.168.186.255
        inet6 fe80::993a:5a4:2f56:8390  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:32:0b:3b  txqueuelen 1000  (Ethernet)
        RX packets 2408705  bytes 3211033293 (3.2 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 736981  bytes 120613148 (120.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 10353  bytes 1084265 (1.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10353  bytes 1084265 (1.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

xdpfw.conf:

```
interface = "ens33";
updatetime = 15;

filters = (
    {
        enabled = true,
        action = 0,

        udp_enabled = true,
        udp_dport = 27015
    },
    {
        enabled = true,
        action = 1,

        tcp_enabled = true,
        tcp_syn = true,
        tcp_dport = 27015
    },
    {
        enabled = true,
        action = 0,

        icmp_enabled = true,
        icmp_code = 0
    }
);
```

So, why? I hope I can get some help... thanks!

gamemann commented 9 months ago

Hey! It appears the driver your ens33 network interface uses doesn't support XDP. You can find a list of supported drivers here. It appears you're running a pretty recent kernel as well.

To see what driver your network interface is using, you may use the lshw -class net command, or if you have ethtool installed, use the ethtool -i ens33 command. You should see a line outputted with the current driver being used.

With that said, the firewall will still run in SKB mode, but won't perform nearly as fast as native XDP. Performance in SKB mode is roughly identical to iptables and the netfilter hook (after SKB allocation).

Unfortunately, there's not much you can do about this unless you or somebody else implements support for XDP in your network interface's driver which is more complicated (here's a useful video if you did want to give it an attempt). You could also try emailing the xdp-newbies mailing list to see if anybody is willing to help create a patch that adds native XDP support for your network driver, but I can't guarantee anybody will provide assistance with creating the patch on there, especially with how complicated it can be.

I hope this helps and if you have any other questions, feel free to let me know!
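The check gamemann describes above (find the driver behind the interface, then confirm which mode the XDP program actually attached in) can be scripted. The following is an added example and is not part of the XDP-Firewall project: it parses the `driver:` line of `ethtool -i` and the `xdp`/`xdpgeneric`/`xdpoffload` marker that iproute2 prints in `ip link show`, and falls back to the sysfs driver symlink when `ethtool` is not installed. The interface name `ens33` comes from the report above; the sample `ethtool` and `ip link` outputs embedded below are constructed for offline use and do not claim which driver the reporter's VM uses.

```shell
#!/bin/sh
# Added example (not from the XDP-Firewall project): report which driver backs a
# network interface and whether an attached XDP program is running in native
# (driver) mode or fell back to SKB/generic mode. Assumes ethtool and iproute2
# when run against a live system; the sample outputs below are constructed.

# Extract the "driver:" field from `ethtool -i <iface>` output read on stdin.
driver_from_ethtool() {
    awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Extract the XDP attach mode from `ip link show dev <iface>` output on stdin.
# iproute2 prints "xdp" (native/driver mode), "xdpgeneric" (SKB mode) or
# "xdpoffload" (hardware offload), optionally suffixed with "/id:<prog id>".
# Nothing is printed when no XDP program is attached.
xdp_mode_from_iplink() {
    awk '{
        for (i = 1; i <= NF; i++) {
            split($i, f, "/")
            if (f[1] == "xdp")        { print "native";  exit }
            if (f[1] == "xdpgeneric") { print "generic"; exit }
            if (f[1] == "xdpoffload") { print "offload"; exit }
        }
    }'
}

# Live check against the running system for the given interface.
report_iface() {
    iface=$1
    if command -v ethtool >/dev/null 2>&1; then
        drv=$(ethtool -i "$iface" 2>/dev/null | driver_from_ethtool)
    else
        # Fallback without ethtool: the kernel exposes the bound driver as a sysfs symlink.
        drv=$(basename "$(readlink "/sys/class/net/$iface/device/driver" 2>/dev/null)")
    fi
    mode=$(ip link show dev "$iface" 2>/dev/null | xdp_mode_from_iplink)
    echo "interface=$iface driver=${drv:-unknown} xdp_mode=${mode:-none}"
}

# Constructed sample outputs so the parsers can be exercised without root or a NIC.
SAMPLE_ETHTOOL='driver: e1000
version: 6.2.0-36-generic
firmware-version:
bus-info: 0000:02:01.0
supports-statistics: yes'

# Constructed: what `ip link show dev ens33` looks like after the SKB/generic fallback
# described in the issue above (program id 42 is made up).
SAMPLE_IPLINK='2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 xdpgeneric/id:42 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:32:0b:3b brd ff:ff:ff:ff:ff:ff'

# Usage: ./xdpmode.sh ens33   (queries the live system when an interface is given)
if [ "$#" -gt 0 ]; then
    report_iface "$1"
else
    printf '%s\n' "$SAMPLE_ETHTOOL" | driver_from_ethtool
    printf '%s\n' "$SAMPLE_IPLINK" | xdp_mode_from_iplink
fi
```

If the live report prints `xdp_mode=generic`, the interface is in the same situation as the one in this issue: the program loaded, but through the SKB path the kernel provides for drivers without native XDP support, so the performance caveat gamemann gives above applies.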