Reputation: 35
I have a particular embedded use case that I’m trying to support in a more standard way. There’s a single physical network device in the host OS. Currently, there’s a customized Linux kernel NIC driver to distribute packets from this physical network device between multiple virtual interfaces based on some specified rules (basically, performing switching in software). These virtual interfaces are created by the customized NIC driver and are exposed to socket-based applications in the host, not mapped into VMs or containers.
What I’d like to do is to dispense with this customized driver and use an eBPF program to perform this software switching instead.
My question is this: what is the best way to create the virtual interfaces from userspace, roughly equivalent to the netdevs the customized LAN driver creates today from kernel space?
Can I use dummy interfaces – can eBPF intercept the traffic before it’s dropped?
What about veth interfaces? These seem well suited, but they’re created in pairs, which isn't quite what I need.
Or is there an interface type I’m overlooking?
Thanks!
Upvotes: 0
Views: 462
Reputation: 13113
I'm assuming you'd ideally want the BPF programs to run at the driver as well, so with XDP. Then, I'd use a veth pair: veth1 <> veth2.
XDP programs can only redirect to the egress of other interfaces (using the bpf_redirect helper). So your program will redirect to the egress of veth1 and your applications will listen on veth2.
Upvotes: 1
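A sketch of the XDP program the answer describes, as an added example that is not code from the question or the answer. It generalizes to several veth pairs by using bpf_redirect_map with a devmap, the map-based sibling of the bpf_redirect helper named above. The UDP port rules, the map name tx_ports and the slot layout are assumptions; the XDP part is guarded by `__bpf__` so the classifier also compiles as ordinary C.

```c
/* Added example: classify frames on the physical NIC, redirect into veth pairs. */
/* Constructed rule table: UDP destination port -> devmap slot (assumption). */
static inline int slot_for_port(unsigned int dport)
{
    switch (dport) {
    case 5000: return 0;   /* slot 0: veth1 of the first pair  */
    case 5001: return 1;   /* slot 1: veth1 of the second pair */
    default:   return -1;  /* no rule: leave it to the stack   */
    }
}

/* Bounds-checked Ethernet/IPv4/UDP parse; returns a slot, or -1 for "no rule". */
static inline int classify(const unsigned char *data, const unsigned char *end)
{
    const unsigned char *ip = data + 14, *udp;
    unsigned int ihl;

    if (ip + 20 > end || data[12] != 0x08 || data[13] != 0x00)
        return -1;                      /* truncated, or EtherType is not IPv4 */
    ihl = (ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17)
        return -1;                      /* bad header, or protocol is not UDP */
    if ((ip[6] & 0x1f) || ip[7])
        return -1;                      /* later fragment: no UDP header here */
    udp = ip + ihl;
    if (udp + 8 > end)
        return -1;
    return slot_for_port((udp[2] << 8) | udp[3]);
}

#ifdef __bpf__                          /* built with clang -target bpf */
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

struct {
    __uint(type, BPF_MAP_TYPE_DEVMAP);
    __uint(max_entries, 2);
    __type(key, __u32);
    __type(value, __u32);               /* ifindex of each veth1, set from userspace */
} tx_ports SEC(".maps");

SEC("xdp")
int xdp_switch(struct xdp_md *ctx)
{
    int slot = classify((void *)(long)ctx->data, (void *)(long)ctx->data_end);
    return slot < 0 ? XDP_PASS : bpf_redirect_map(&tx_ports, slot, 0);
}
char LICENSE[] SEC("license") = "GPL";
#endif
```

Userspace has to fill tx_ports with the ifindex of each veth1 before attaching the program to the physical interface. For native XDP redirect into a veth, the receiving peer (veth2) also needs an XDP program attached; one that only returns XDP_PASS is enough.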