Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2d4f45188d03
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: bc4921a584cf
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Nov 17, 2019

  1. linux config: add support for xdp sockets and ebpf jit 

    xdp socket support (AF_XDP) is the new way of implementing high
performance networking on linux. on arch linux and debian this is
already enabled (checked via the links from the nixos manual).

moreover, these flags are suggested by the bpf documentation at cilium:

https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel

additionally the flag `BPF_JIT_ALWAYS_ON` on was suggested to help
spectre attack mitigations:

torvalds/linux@290af86
    magenbluten committed Nov 17, 2019
    Copy the full SHA
    af808bd View commit details

Commits on Jan 13, 2020

  1. Merge pull request #73328 from magenbluten/af_xdp 

    linux config: add support for xdp sockets and ebpf jit
    @Lassulus
    Lassulus authored Jan 13, 2020
    Copy the full SHA
    bc4921a View commit details
Showing with 13 additions and 1 deletion.
  1. +13 −1 pkgs/os-specific/linux/kernel/common-config.nix
14 changes: 13 additions & 1 deletion pkgs/os-specific/linux/kernel/common-config.nix
View file
Original file line number Diff line number Diff line change
@@ -24,6 +24,13 @@ let
# configuration items have to be part of a subattrs
flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));

whenPlatformHasEBPFJit =
mkIf (stdenv.hostPlatform.isAarch32 ||
stdenv.hostPlatform.isAarch64 ||
stdenv.hostPlatform.isx86_64 ||
(stdenv.hostPlatform.isPowerPC && stdenv.hostPlatform.is64bit) ||
(stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));

options = {

debug = {
@@ -106,7 +113,12 @@ let
IP_DCCP_CCID3 = no; # experimental
CLS_U32_PERF = yes;
CLS_U32_MARK = yes;
BPF_JIT = mkIf (stdenv.hostPlatform.system == "x86_64-linux") yes;
BPF_JIT = whenPlatformHasEBPFJit yes;
BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit yes;
HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
XDP_SOCKETS = whenAtLeast "4.19" yes;
XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes;
WAN = yes;
# Required by systemd per-cgroup firewalling
CGROUP_BPF = option yes;