From af808bd826c54b13a39e6538d7b5b655de0f3ae3 Mon Sep 17 00:00:00 2001
From: magenbluten
Date: Mon, 11 Nov 2019 07:57:30 +0100
Subject: [PATCH] linux config: add support for xdp sockets and ebpf jit xdp socket support (AF_XDP) is the new way of implementing high performance networking on linux. on arch linux and debian this is already enabled (checked via the links from the nixos manual). moreover, these flags are suggested by the bpf documentation at cilium: https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel additionally the flag `BPF_JIT_ALWAYS_ON` on was suggested to help spectre attack mitigations: https://github.com/torvalds/linux/commit/290af86629b25ffd1ed6232c4e9107da031705cb
---
 pkgs/os-specific/linux/kernel/common-config.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 736e872f1ba..f3b9cce2ff4 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -24,6 +24,13 @@ let
 # configuration items have to be part of a subattrs
 flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));
+ whenPlatformHasEBPFJit =
+ mkIf (stdenv.hostPlatform.isAarch32 ||
+ stdenv.hostPlatform.isAarch64 ||
+ stdenv.hostPlatform.isx86_64 ||
+ (stdenv.hostPlatform.isPowerPC && stdenv.hostPlatform.is64bit) ||
+ (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));
+
 options = {
 debug = {
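Review bot: `whenPlatformHasEBPFJit` is a hand-maintained architecture allowlist with no comment saying what it mirrors, so any platform missing from it silently keeps the BPF interpreter and never receives the Spectre-motivated `BPF_JIT_ALWAYS_ON` setting the commit message cites. As far as I know, upstream kernels of this period also carry eBPF JITs for other 64-bit targets (s390x and sparc64, for example), while 32-bit ARM only gained one in later kernel series, so the predicate may be narrower on some platforms and wider on old kernels than the kernel's own `HAVE_EBPF_JIT` selection; this is worth checking against the kernel versions built from this file. I would add a comment above the binding such as `# platforms whose arch Kconfig selects HAVE_EBPF_JIT; keep in sync with the supported kernel versions`. The enclosing `let` block starts before and continues after this hunk.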
@@ -106,7 +113,12 @@ let
 IP_DCCP_CCID3 = no; # experimental
 CLS_U32_PERF = yes;
 CLS_U32_MARK = yes;
- BPF_JIT = mkIf (stdenv.hostPlatform.system == "x86_64-linux") yes;
+ BPF_JIT = whenPlatformHasEBPFJit yes;
+ BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit yes;
+ HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
+ BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
+ XDP_SOCKETS = whenAtLeast "4.19" yes;
+ XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes;
 WAN = yes;
 # Required by systemd per-cgroup firewalling
 CGROUP_BPF = option yes;
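Review bot: `XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes;` looks gated too low: to my knowledge the AF_XDP sock_diag symbol entered mainline after 4.19 (5.1, please verify), so the option would not exist on 4.19 kernels and `XDP_SOCKETS_DIAG = whenAtLeast "5.1" yes;` would match its availability. `HAVE_EBPF_JIT` appears to be a promptless symbol selected by the architecture, so the line that sets it is probably a no-op and could be dropped. The three JIT lines carry no version guard either, which is worth checking against the oldest kernel built from this file. `BPF_JIT_ALWAYS_ON` deserves a trailing comment, for instance `# removes the BPF interpreter (Spectre v1 hardening); net.core.bpf_jit_enable is then fixed at 1`, so that a later editor does not drop it as redundant with `BPF_JIT`. The attribute set this hunk edits continues outside the hunk.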