Xdp provides a bare metal packet processing at the lowest level. The xdp programs are written as an ebpf program that will be attached to the driver hook. This is similar to dpdk but unlike dpdk the interface will not be detached from the driver. Instead of using a user space driver the user is allowed to directly read or make changes to network packet data and take decisions on how to handle the packet at an earlier stage with the attached xdp program so that the kernel stack can be eliminated from the data path hence avoiding overheads like converting the packets to skbs context switch costs etc. Basically introduces a new programmable layer in the kernel stack intended to close the performance gap between kernel bypass solutions.
There is a lot of overhead in the linux kernel network data path as mentioned above. In many scenarios the packets don’t have to travel through all the layers in order to reach the decision on what to do about the packet. One of the easiest examples are turning down the DDOS attack packets. The introduction of the architecture is aimed at making the decision at an earlier stage packet processing so that it can be done faster by eliminating much of the overheads in the usual kernel stack.
The xdp support was added to the Linux kernel from v4.8 on wards. See how to build a kernel with xdp support in my another post below
Many useful sample bpf programs are available in samples/bpf folder in the Linux sources. llvm provides the backend for this.
Express data path is a new addition to the linux kernel which is intended to speed up the packet processing or network data processing in linux kernel. This is enabled by using the ebpf virtual machine infrastructure which is available in the kernel for many other purposes already.
XDP make use of a user space c(like) program which manages actions of a kernel space program also written in c that would be attached to the driver hook. Making it possible to make decisions at early stages of packet processing and hence eliminating many over heads involved in kernel network stack. This is still in an early stage. and a lot of potential remains to be untapped.