On Fri, Apr 27, 2018 at 9:36 AM, Edward Cree <ecree@xxxxxxxxxxxxxx> wrote: > The higher performance of XDP is because the processing, being done in > the driver, happens earlier in the RX path (thus avoiding the bulk of > network stack processing for packets that e.g. are only going to be > dropped anyway). > But on TX, the analogous driver code would be the _last_ thing in the > path, rather than the first, so in such a case the `tc` approach > should probably perform better than an XDP analogue. Thanks, that is super useful for my mental model! Does that mean it is possible (if slow) to use an XDP filter for TX? I attached a simple one based on the DDOS filter from here: https://github.com/netoptimizer/prototype-kernel/tree/master/kernel/samples/bpf that just debug logged IPs + ports, and I only seemed to see incoming (and not outgoing) packets in the logs. Is there a different/extra flag to pass to have an XDP filter run on TX? yours, Bobby