On 7/29/25 4:15 AM, Jesper Dangaard Brouer wrote:
That idea has been considered before, but it unfortunately doesn't work from a performance angle. The performance model of XDP_REDIRECT into CPUMAP relies on moving the expensive SKB allocation+init to a remote CPU. This keeps the ingress CPU free to process packets at near line rate (our DDoS use-case). If we allocate the SKB on the ingress-CPU before the redirect, we destroy this load-balancing model and create the exact bottleneck we designed CPUMAP to avoid.
iirc, a xdp prog can be attached to a cpumap. The skb can be created by that xdp prog running on the remote cpu. It should be like a xdp prog returning a XDP_PASS + an optional skb. The xdp prog can set some fields in the skb. Other than setting fields in the skb, something else may be also possible in the future, e.g. look up sk, earlier demux ...etc.
