XDP (eXpress Data Path) is aneBPF-based high-performance network data path used to send and receivenetwork packets at high rates by bypassing most of theoperating systemnetworking stack. It is merged in theLinux kernel since version 4.8.^[2] This implementation is licensed underGPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released theirfree and open source implementationXDP for Windows in May 2022.^[1] It is licensed underMIT License.^[3]

The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user supplied eBPF program decide the fate of the packet. The hook is placed in thenetwork interface controller (NIC) driver just after theinterrupt processing, and before any memory allocation needed by thenetwork stack itself, because memory allocation can be an expensive operation. Due to this design, XDP can drop 26 million packets per second per core withcommodity hardware.^[4]

The eBPF program must pass a preverifier test^[5] before being loaded, to avoid executing malicious code in kernel space. The preverifier checks that the program contains no out-of-bounds accesses, loops or global variables.

The program is allowed to edit the packet data and, after the eBPF program returns, an action code determines what to do with the packet:

• XDP_PASS: let the packet continue through the network stack
• XDP_DROP: silently drop the packet
• XDP_ABORTED: drop the packet with trace point exception
• XDP_TX: bounce the packet back to the same NIC it arrived on
• XDP_REDIRECT: redirect the packet to another NIC oruser space socket via theAF_XDP address family

XDP requires support in the NIC driver but, as not all drivers support it, it can fallback to a generic implementation, which performs the eBPF processing in the network stack, though with slower performance.^[6]

XDP has infrastructure to offload the eBPF program to a network interface controller which supports it, reducing the CPU load. In 2023, only Netronome^[7] cards support it.

Microsoft is partnering with other companies and adding support for XDP in itsMsQuic implementation of theQUIC protocol.^[1]

Along with XDP, a newaddress family entered in the Linux kernel starting 4.18.^[8] AF_XDP, formerly known as AF_PACKETv4 (which was never included in the mainline kernel),^[9] is araw socket optimized for high performance packet processing and allowszero-copy between kernel and applications. As the socket can be used for both receiving and transmitting, it supports high performance network applications purely in user space.^[10]

• Application layer
• Network layer
• Data link layer

• XDP documentation onRead the Docs
• AF_XDP documentation onkernel.org
• xdp-for-windows onGitHub
• XDP walkthrough atFOSDEM 2017 by Daniel Borkmann, Cilium
• AF_XDP atFOSDEM 2018 by Magnus Karlsson,Intel
• eBPF.io - Introduction, Tutorials & Community Resources
• L4Drop: XDP DDoS Mitigations,Cloudflare
• Unimog: Cloudflare's edge load balancer,Cloudflare
• Open-sourcing Katran, a scalable network load balancer,Facebook
• Cilium's L4LB: standalone XDP load balancer,Cilium
• Kube-proxy replacement at the XDP layer,Cilium
• eCHO Podcast on XDP and load balancing

• Command-line software
• Firewall software
• Linux security software
• Linux kernel features
• Free and open-source software
• Microsoft free software
• Software using the GNU General Public License
• Software using the MIT license
• 2016 software
• Free software programmed in C

• Articles with short description
• Short description is different from Wikidata