Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - trinitronx

Pages1
#1
Hardware and Performance / Re: eBPF / XDP on OPNsense with hardware support? (Deciso)
March 21, 2025, 07:03:31 PM
Quote from: Patrick M. Hausen on March 21, 2025, 04:43:37 PMeBPF is Linux only as far as I know.

For running kernel-space eBPF sandboxed programs, it seems that might be a limitation with FreeBSD's kernel.

🤔 What about loading a pre-compiled XDP into the Intel hardware from FreeBSD?  Theoretically, could this be possible? [1]

[1]: To be clear, I'm talking about hardware mode / XDP_MODE_HW, assuming that the NIC supports offloading the eBPF program onto the NIC hardware itself.
#2
Hardware and Performance / eBPF / XDP on OPNsense with hardware support? (Deciso)
March 21, 2025, 04:30:26 PM

I'm wondering about eBPF / XDP support in FreeBSD / OPNsense.  Is it possible to load eBPF programs into a NIC capable of XDP running FreeBSD?

This has great potential application for a firewall device, because eBPF loaded into an XDP capable NIC hardware is extremely fast, according to Cloudflare's testing.

For example, I have a DEC850 v2, which appears to have hardware support for this.

Deciso DEC850 v2 has 4x Intel I225-V 2.5 GbE ports:

  • igc0
  • igc1
  • igc2
  • igc3

Code Select
sudo pciconf -llcvVBa igc0
Password:
drv selector class    rev  hdr  vendor device subven subdev
igc0@pci0:2:0:0: 020000   03   00   8086   15f3   8086   0000
    vendor     = 'Intel Corporation'
    device     = 'Ethernet Controller I225-V'
    class      = network
    subclass   = ethernet
    cap 01[40] = powerspec 3  supports D0 D3  current D0
    cap 05[50] = MSI supports 1 message, 64 bit, vector masks
    cap 11[70] = MSI-X supports 5 messages, enabled
                 Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
    cap 10[a0] = PCI-Express 2 endpoint max data 128(512) FLR RO NS
                 max read 512
                 link x1(x1) speed 5.0(5.0) ASPM L1(L1)
    ecap 0001[100] = AER 2 0 fatal 0 non-fatal 0 corrected
    ecap 0003[140] = Serial 1 f490eaffff010b7a
    ecap 0018[1c0] = LTR 1
    ecap 001f[1f0] = Precision Time Measurement 1
    ecap 001e[1e0] = L1 PM Substates 1

According to RedHat's eBPF docs, this hardware is capable of XDP (eXpress Data Path):

Network card   Driver   Basic   Redirect   Target   HW offload   Zero-copy   Large MTU  
IntelĀ® Ethernet Controller I225-LM/I225-V familyigc yes yes yes [a] no yes yes [c]

  • [a]: Only if an XDP program is loaded on the interface.
  • [c]: Transmitting side only. Cannot receive large packets through XDP.

Is it possible to leverage XDP from FreeBSD / OPNsense?

Pages1