Comment by ZiiS
8 hours ago
I understand they are attached to the phrase "loophole" but it feels fairly like they are using it as designed to me?
8 hours ago
I understand they are attached to the phrase "loophole" but it feels fairly like they are using it as designed to me?
Yup, I don't really get it either. I've had this exact setup in my mind for a while to make a hypervisor dataplane (thus on TAPs, not VETHs). It's working as designed, and it's precisely for this use case the veth driver has had quite a lot of care as far as XDP is concerned, getting optimizations and multiqueue support over time.
Honestly, the real news is that they're doing it in production, not that they found anything unique.
Heck, all the XDP development I've ever done was against a veth interface on my laptop, to run later on server metal.
XDP is intended only for inbound traffic. They are exploiting veth pairs to make outbound traffic "look like" inbound traffic. That's the "loophole".
It's really not a loophole. I think this might literally be in the xdp-tutorials repo.