Kernel
Rich Packet Metadata - The Saga Continues
<p>So here's the deal: if you want to tag a packet (<code>sk_buff</code>) with some info that
actually sticks around as it travels through the Linux network stack, your only
real option right now is a measly 32-bit <code>SO_MARK</code> field. That's not a lot of
room, and everyone's fighting over those bits. In this talk, we'll share
Cloudflare's quest to get 128+ bytes of metadata attached to packets—enough
space to do cool stuff like keeping config consistent across network layers,
classifying packets in XDP, and figuring out exactly why a packet got dropped.</p>
<p>We've been at this for a while, and we'll walk you through the three main
chapters of our journey—the dead ends, the duct tape solutions, and what we
think might actually work:</p>
<p><strong>Part One: SKB Traits.</strong> Remember that per-packet key-value store idea called
"SKB Traits"? We'll tell you why we got excited about it and why we eventually
tossed it out in favor of not having a second metadata area.</p>
<p><strong>Part Two: XDP Metadata.</strong> Next up, we tried piggy-backing on <code>skb->data_meta</code>
and brought in <code>bpf_dynptr</code> to wrangle the metadata. Spoiler: it gets messy.
L2 tunnels and pulling packet headers can leave your metadata corrupted or
just plain gone. We'll dig into our attempts to untangle metadata tracking
from MAC header offsets and the backward compatibility headaches that come
with it.</p>
<p><strong>Part Three: SKB Extension.</strong> Finally, we'll show you our latest idea: using
<code>sk_buff</code> extensions (<code>skb_ext</code>) backed by BPF local storage. The nice thing
here is that metadata lives separately from packet headers. But we're not out
of the woods yet—memory allocation on the hot path is still an open problem.</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/ua2114 |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 2/1/26 |
<p>When a kernel component like a storage driver misbehaves in production, developers face a difficult choice. They either have too little information to solve the bug or they enable slow console-level debug logs that ruin performance. This talk introduces a per-component binary logging mechanism designed to support verbose logging in production with negligible run-time cost.</p> <p>We achieve this efficiency by moving the heavy lifting to build time. using preprocessor macros, we emit parameter ...
|
| 2/1/26 |
<p>For years, Ahmad’s ideal has been simple: unpack a rootfs on a server, mount it over NFS (or usb9pfs), boot directly into it, and everything just works™.</p> <p>But as secure boot becomes the default on many embedded systems, squeezing in a network-booted kernel is getting harder and often falls outside the supported boot flow entirely.</p> <p>Fortunately, some recent improvements in the kernel build system pave the way for a far less invasive netboot setup. This talk gives a quick tour ...
|
| 2/1/26 |
<p>The linux kernel driver model has grown over the years and acquired several different mechanisms for passing device configuration data to platform drivers. This configuration can come from firmware (device-tree, ACPI) or from the kernel code itself (board-files, MFD, auxiliary drivers).</p> <p>For a less experienced driver developer, the different APIs that are used to access device properties can be quite confusing and lead to questions: should I use the OF routines? Maybe fwnode or the ...
|
| 2/1/26 |
<p>A new RFC for Netfilter/nftables arrived recently in the netfilter-devel mailing list [1], introducing flexible math operation support for network packet fields. This could solve some migration problems from iptables to nftables and in addition empower other use-cases.</p> <p>This demo will quickly show how it works with simple real-world scenarios.</p> <p>[1] https://lore.kernel.org/netfilter-devel/20250923152452.3618-1-fmancera@suse.de/</p>
|
| 2/1/26 |
<p>Tracing complex systems often requires insights from both the kernel and userspace. While tools like Linux's ftrace excel at kernel-level observability and LTTng provides low-overhead userspace tracing, unifying these disparate data sources for a holistic view remains a challenge: using LTTng for kernel tracing requires an out-of-tree kernel module, which can be a barrier for many users.</p> <p>This talk introduces bt2-ftrace-to-ctf - a new open-source project designed to bridge this gap. Our ...
|
| 2/1/26 |
<p>Creating filesystem images typically requires mounting, copying files, and hoping your build environment doesn't introduce non-determinism. New capabilities in mkfs.xfs solve both problems. You can now populate an XFS filesystem directly from a directory tree at creation time, no mount required. I'll cover the implementation approach, discuss design, and show how to use it. Useful for distributions, embedded systems, and anyone who needs verifiable filesystem artifacts.</p> <p>Reference ...
|
| 2/1/26 |
<p>Correctness of operating system kernel code is very important. Testing is helpful, but does not always thoroughly uncover all issues. In the Whisper team at Inria, we are exploring the possibility of applying formal verification, using Frama-C, to Linux kernel code. This entails writing specifications, constructing loop invariants, and checking correctness with the support of a SMT solver. This talk will report on the opportunities and challenges encountered.</p>
|
