Re: [PATCH] tools: add xdp-forwarder

8 Sep 2025

Yureka Lilian <yureka@cyberchaos.dev> writes:
...
The xdp-forwarder's purpose is implementing the functionality needed
within the net-vm (a VM running the Linux drivers for any physical
interfaces on the spectrum system).
In the future, the net-vm will load the included XDP programs on the
passed-through physical interfaces as well as the downstream virtio
interface going into the router (recognized by its special MAC address).
The net-vm needs to multiplex between the physical interfaces, as there
might be several interfaces in the same IOMMU-group.
For this, the XDP program loaded on the physical interfaces
(`prog_physical.o`) applies a VLAN tag corresponding to the interface id
and redirects the packets to the router interface (identified by the
`router_iface` bpf map). In the other direction the XDP program loaded on
the router interface (`prog_router.o`) removes one layer of VLAN tagging
and redirects the packets to the interface read from the VLAN tag.
The helper program `set_router_iface` is used to update the `router_iface`
bpf map to point to the interface passed as argument to the program.
Signed-off-by: Yureka Lilian <yureka@cyberchaos.dev>
---
 pkgs/default.nix                              |   5 +
 tools/default.nix                             |  15 +-
 tools/meson.build                             |   5 +
 tools/meson_options.txt                       |   4 +
 tools/xdp-forwarder/include/parsing_helpers.h | 273 ++++++++++++++++++
 tools/xdp-forwarder/include/rewrite_helpers.h | 145 ++++++++++
 tools/xdp-forwarder/meson.build               |  38 +++
 tools/xdp-forwarder/prog_physical.c           |  37 +++
 tools/xdp-forwarder/prog_router.c             |  43 +++
 tools/xdp-forwarder/set_router_iface.c        |  29 ++
 10 files changed, 591 insertions(+), 3 deletions(-)
 create mode 100644 tools/xdp-forwarder/include/parsing_helpers.h
 create mode 100644 tools/xdp-forwarder/include/rewrite_helpers.h
 create mode 100644 tools/xdp-forwarder/meson.build
 create mode 100644 tools/xdp-forwarder/prog_physical.c
 create mode 100644 tools/xdp-forwarder/prog_router.c
 create mode 100644 tools/xdp-forwarder/set_router_iface.c

diff --git a/pkgs/default.nix b/pkgs/default.nix
index 3b81339..76b2a5c 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,5 @@
 # SPDX-FileCopyrightText: 2023-2024 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
 # SPDX-License-Identifier: MIT
{ ... } @ args:
@@ -42,6 +43,10 @@ let
       guestSupport = false;
       hostSupport = true;
     };
+    spectrum-driver-tools = self.callSpectrumPackage ../tools {
+      guestSupport = false;
+      driverSupport = true;
+    };
     xdg-desktop-portal-spectrum-host =
       self.callSpectrumPackage ../tools/xdg-desktop-portal-spectrum-host {};
Probably not copyrightable, since it's not really doing anything new
compared to the other entries.
...
diff --git a/tools/default.nix b/tools/default.nix
index 95d76a1..e664f47 100644
--- a/tools/default.nix
+++ b/tools/default.nix
@@ -1,13 +1,16 @@
 # SPDX-License-Identifier: MIT
 # SPDX-FileCopyrightText: 2022-2025 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
import ../lib/call-package.nix (
 { src, lib, stdenv, fetchCrate, fetchurl, runCommand, buildPackages
 , meson, ninja, pkg-config, rustc
 , clang-tools, clippy
 , dbus
+, clang, libbpf
 , guestSupport ? true
 , hostSupport ? false
+, driverSupport ? false
 }:
let
@@ -70,15 +73,18 @@ stdenv.mkDerivation (finalAttrs: {
       ./lsvm
       ./start-vmm
       ./subprojects
+    ] ++ lib.optionals driverSupport [
+      ./xdp-forwarder
     ]));
   };
   sourceRoot = "source/tools";
depsBuildBuild = lib.optionals hostSupport [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ meson ninja ]
-    ++ lib.optionals guestSupport [ pkg-config ]
-    ++ lib.optionals hostSupport [ rustc ];
-  buildInputs = lib.optionals guestSupport [ dbus ];
+    ++ lib.optionals (guestSupport || driverSupport) [ pkg-config ]
+    ++ lib.optionals hostSupport [ rustc ]
+    ++ lib.optionals driverSupport [ clang ];
+  buildInputs = lib.optionals guestSupport [ dbus ] ++ lib.optionals driverSupport [ libbpf ];
postPatch = lib.optionals hostSupport (lib.concatMapStringsSep "\n" (crate: ''
     mkdir -p subprojects/packagecache
@@ -88,12 +94,15 @@ stdenv.mkDerivation (finalAttrs: {
   mesonFlags = [
     (lib.mesonBool "guest" guestSupport)
     (lib.mesonBool "host" hostSupport)
+    (lib.mesonBool "driver" driverSupport)
     "-Dhostfsrootdir=/run/virtiofs/virtiofs0"
     "-Dtests=false"
     "-Dunwind=false"
     "-Dwerror=true"
   ];
+  hardeningDisable = lib.optionals driverSupport [ "zerocallusedregs" ];
+
   passthru.tests = {
     clang-tidy = finalAttrs.finalPackage.overrideAttrs (
       { name, src, nativeBuildInputs ? [], ... }:
diff --git a/tools/meson.build b/tools/meson.build
index 9cebd03..e49f27c 100644
--- a/tools/meson.build
+++ b/tools/meson.build
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
project('spectrum-tools', 'c',
   default_options : {
@@ -26,3 +27,7 @@ endif
 if get_option('guest')
   subdir('xdg-desktop-portal-spectrum')
 endif
+
+if get_option('driver')
+  subdir('xdp-forwarder')
+endif
Same here.
...
diff --git a/tools/meson_options.txt b/tools/meson_options.txt
index 4af0031..887e388 100644
--- a/tools/meson_options.txt
+++ b/tools/meson_options.txt
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2022-2024 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
option('host', type : 'boolean', value : false,
   description : 'Build tools for the Spectrum host')
@@ -7,6 +8,9 @@ option('host', type : 'boolean', value : false,
 option('guest', type : 'boolean',
   description : 'Build tools for Spectrum guests')
+option('driver', type : 'boolean',
+  description : 'Build tools for Spectrum driver VMs')
+
 option('hostfsrootdir', type : 'string', value : '/run/host',
   description : 'Path where the virtio-fs provided by the host will be mounted')
Same here.
...
diff --git a/tools/xdp-forwarder/include/parsing_helpers.h b/tools/xdp-forwarder/include/parsing_helpers.h
new file mode 100644
index 0000000..3d240cd
--- /dev/null
+++ b/tools/xdp-forwarder/include/parsing_helpers.h
@@ -0,0 +1,273 @@
+/* SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-clause) */
+/* Vendored from https://github.com/xdp-project/xdp-tutorial/blob/d3d3eed6ea9a63d1302bfa8b5a8... */
Here I don't see any copyright header at all.  Is
release/checks/reuse.nix happy?
...
diff --git a/tools/xdp-forwarder/meson.build b/tools/xdp-forwarder/meson.build
new file mode 100644
index 0000000..7e60c11
--- /dev/null
+++ b/tools/xdp-forwarder/meson.build
@@ -0,0 +1,38 @@
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
+
+libbpf = dependency('libbpf', version : '1.6.2')
+
+executable('set_router_iface', 'set_router_iface.c',
+  dependencies : libbpf,
+  install : true)
Minor thing: can we call this set-router-iface?  It's just more common
to see executables with dashes in them than underscares.

    