Advanced Topics and Go Integration
Tracing Mechanisms and XDP Root Pattern
Tracing mechanisms and XDP root pattern - advanced topics for production eBPF.
Tracing Mechanisms
Lab: eBPF Tracing
Not required for XDP but useful:
- Differences between Tracepoints vs Kprobes vs Fprobes
- BTF-enabled tracepoints
- Performance comparison
Note: You practiced kprobe in the eBPFHub exercises in the Network Tracing section. This lab is a deeper dive.
XDP Root Pattern (Program Chaining)
Source: katran/lib/bpf/xdp_root.c (40 lines)
Chaining multiple XDP programs on the same interface:
struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__uint(max_entries, MAX_PROGS);
__uint(key_size, sizeof(__u32));
__uint(value_size, sizeof(__u32));
} jmp_table SEC(".maps");
SEC("xdp")
int xdp_root(struct xdp_md *ctx) {
#pragma unroll
for (__u32 i = 0; i < MAX_PROGS; i++) {
bpf_tail_call(ctx, &jmp_table, i);
}
return XDP_PASS;
}What you will learn:
BPF_MAP_TYPE_PROG_ARRAYdefinitionbpf_tail_callhelper- Bounded loop with
#pragma unroll - Chaining multiple XDP programs
How it works: When bpf_tail_call succeeds, execution jumps to the target program and never returns. If the slot is empty (no program loaded at that index), it silently continues to the next iteration. The XDP_PASS at the end is the fallback — reached only if no programs were loaded.
Loading programs into the jump table (Go side)
// After loading the root program, populate the jump table:
err := objs.JmpTable.Put(uint32(0), objs.XdpDdosFilter) // slot 0: DDoS
err = objs.JmpTable.Put(uint32(1), objs.XdpDnsFilter) // slot 1: DNS
// The root program will now chain: DDoS → DNS → XDP_PASSWhen to use: When you want to run a DDoS engine + DNS filter on the same interface.
Explore in xdp-tutorial: experiment01-tailgrow - tail call / program chaining experiments.