linux config: add support for xdp sockets and ebpf jit

xdp socket support (AF_XDP) is the new way of implementing high performance networking on linux. on arch linux and debian this is already enabled (checked via the links from the nixos manual). moreover, these flags are suggested by the bpf documentation at cilium: https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel additionally the flag `BPF_JIT_ALWAYS_ON` on was suggested to help spectre attack mitigations: 290af86629
2024-12-14 17:53:37 +00:00 · 2019-11-11 07:57:30 +01:00 · 2019-11-11 07:57:30 +01:00 · af808bd826
commit af808bd826
parent 1a2415e9a9
1 changed files with 13 additions and 1 deletions
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@ -24,6 +24,13 @@ let
  # configuration items have to be part of a subattrs
  flattenKConf =  nested: mapAttrs (_: head) (zipAttrs (attrValues nested));

+  whenPlatformHasEBPFJit =
+    mkIf (stdenv.hostPlatform.isAarch32 ||
+          stdenv.hostPlatform.isAarch64 ||
+          stdenv.hostPlatform.isx86_64 ||
+          (stdenv.hostPlatform.isPowerPC && stdenv.hostPlatform.is64bit) ||
+          (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));
+
  options = {

    debug = {
@ -106,7 +113,12 @@ let
      IP_DCCP_CCID3      = no; # experimental
      CLS_U32_PERF       = yes;
      CLS_U32_MARK       = yes;
-      BPF_JIT            = mkIf (stdenv.hostPlatform.system == "x86_64-linux") yes;
+      BPF_JIT            = whenPlatformHasEBPFJit yes;
+      BPF_JIT_ALWAYS_ON  = whenPlatformHasEBPFJit yes;
+      HAVE_EBPF_JIT      = whenPlatformHasEBPFJit yes;
+      BPF_STREAM_PARSER  = whenAtLeast "4.19" yes;
+      XDP_SOCKETS        = whenAtLeast "4.19" yes;
+      XDP_SOCKETS_DIAG   = whenAtLeast "4.19" yes;
      WAN                = yes;
      # Required by systemd per-cgroup firewalling
      CGROUP_BPF                  = option yes;