Skip to content

xdp: support network namespaces #1138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

xdp: support network namespaces #1138

wants to merge 1 commit into from

Conversation

@3u13r
Copy link

@3u13r 3u13r commented Oct 28, 2025
edited by coderabbitai bot
Loading

Support setting XDP programs on interfaces in namespaces.

Summary by CodeRabbit

Release Notes

  • New Features

    • XDP program attachment now supports configurable flags for enhanced control over network interface behavior.

  • Refactor

    • Reorganized internal XDP operations architecture to improve consistency and maintainability while preserving backward compatibility.

@coderabbitai
Copy link

coderabbitai bot commented Oct 28, 2025
edited
Loading

Walkthrough

Introduces a Handle-based LinkSetXdpFdWithFlags method and corresponding package-level wrapper function in link_linux.go. Refactors the existing LinkSetXdpFd function to delegate to the new implementation, shifting from direct netlink construction to a Handle-based pattern with explicit flags support.

Changes

Cohort / File(s) Change Summary
Handle-based XDP FD setter with flags support
link_linux.go		 Added public method (h *Handle) LinkSetXdpFdWithFlags(link Link, fd, flags int) error that constructs netlink requests via h.newNetlinkRequest and applies XDP attributes through addXdpAttrs. Added package-level wrapper LinkSetXdpFdWithFlags(link Link, fd, flags int) error delegating to pkgHandle.LinkSetXdpFdWithFlags. Refactored existing LinkSetXdpFd to delegate to pkgHandle.LinkSetXdpFdWithFlags(link, fd, 0). Replaced direct ensureIndex calls with h.ensureIndex and nl.NewNetlinkRequest with h.newNetlinkRequest.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant LinkSetXdpFd as LinkSetXdpFd<br/>(package-level)
    participant LinkSetXdpFdWF as LinkSetXdpFdWithFlags<br/>(package-level)
    participant Handle as h.LinkSetXdpFdWithFlags<br/>(Handle method)
    participant Netlink as NetlinkRequest

    Caller->>LinkSetXdpFd: LinkSetXdpFd(link, fd)
    LinkSetXdpFd->>LinkSetXdpFdWF: delegate with flags=0
    LinkSetXdpFdWF->>Handle: call pkgHandle.LinkSetXdpFdWithFlags
    Handle->>Handle: h.ensureIndex(link)
    Handle->>Handle: h.newNetlinkRequest
    Handle->>Handle: addXdpAttrs(req, fd, flags)
    Handle->>Netlink: Execute netlink request
    Netlink-->>Handle: success/error
    Handle-->>LinkSetXdpFdWF: return error
    LinkSetXdpFdWF-->>LinkSetXdpFd: return error
    LinkSetXdpFd-->>Caller: return error
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Netlink request handling: Verify that h.newNetlinkRequest and h.ensureIndex are correctly used and that error handling is consistent with Handle-based patterns.
  • Attribute attachment: Confirm that addXdpAttrs properly applies both FD and FLAGS to the netlink message for both old and new code paths.
  • Delegation chain: Ensure the three-layer delegation (package → package wrapper → Handle method) maintains correct semantics and doesn't introduce unintended side effects.
  • Backward compatibility: Confirm that existing LinkSetXdpFd callers continue to work identically after refactoring to delegate.

Poem

🐰 A handle now guides the XDP way,
Where flags and FDs dance and play,
No more direct netlink calls so bare—
The Handle refactor shows it cares! 🌟

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The pull request title "xdp: support network namespaces" aligns with the stated PR objectives, which explicitly aim to support setting XDP programs on interfaces in namespaces. The raw summary shows changes that refactor XDP operations to use a Handle-based pattern instead of package-level direct netlink construction, which is the standard mechanism in netlink libraries for enabling network namespace support. The title is clear, specific, and accurately captures the primary intent of the changeset at a high level.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 03b8f90 and 44d9b2d.

📒 Files selected for processing (1)
  • link_linux.go (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
link_linux.go (4)
netlink_unspecified.go (2)
  • LinkSetXdpFdWithFlags (80-82)
  • LinkSetXdpFd (76-78)
handle_linux.go (1)
  • Handle (24-27)
handle_unspecified.go (1)
  • Handle (13-13)
link.go (1)
  • Link (13-16)
🔇 Additional comments (4)
link_linux.go (4)

1036-1037: Namespace-friendly delegation — LGTM

Package-level LinkSetXdpFd now defers to WithFlags(…, 0). Keeps API stable, unlocks ns-aware Handle path.

1039-1041: Handle method delegation — LGTM

h.LinkSetXdpFd delegates to h.LinkSetXdpFdWithFlags with zero flags. Clear and consistent with Handle pattern used elsewhere.

1046-1047: Public WithFlags wrapper — LGTM

Top-level LinkSetXdpFdWithFlags forwards to pkgHandle. Matches existing ergonomics for other link ops.

1049-1064: Verification complete: fd=-1 detach behavior and int→uint32 cast are correct

The review's core concerns have been validated:

  1. Detach behavior (fd=-1): The kernel XDP netlink interface expects IFLA_XDP_FD set to -1 for detach. The existing test (link_test.go-2692) confirms this pattern works, calling LinkSetXdpFd(testXdpLink, -1) in cleanup.

  2. int→uint32 cast semantics: The cast correctly represents -1 as 0xFFFFFFFF in two's complement, which is the expected kernel-side representation. The addXdpAttrs function (link_linux.go-3614) properly encodes this via native.PutUint32(b, uint32(xdp.Fd)).

  3. Implementation status: The core functionality is complete and approved. The suggested LinkSetXdpOff helper and CAS variant are marked as optional refinements ("consider"), not blockers.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@3u13r