An eBPF Loophole: Using XDP for Egress Traffic
9 comments · November 4, 2025
ZiiS
I understand they are attached to the phrase "loophole" but it feels fairly like they are using it as designed to me?
tptacek
From 2022: https://www.samd.is/2022/06/13/egress-XDP.html
You can also use XDP for outgoing packets for tap interfaces.
iSloth
Also wondering, why not just use DPDK?
docapotamus
Great post.
In some scenarios veth is being replaced with netkit for a similar reason. Does this impact how you're going to manage this?
loopholelabs
XDP (eXpress Data Path) is the fastest packet processing framework in Linux - but it only works for incoming (ingress) traffic. We discovered how to use it for outgoing (egress) traffic by exploiting a loophole in how the Linux kernel determines packet direction. Our technique delivers 10x better performance than current solutions, works with existing Docker/Kubernetes containers, and requires zero kernel modifications.
This post not only expands on the overall implementation but also outlines how existing container and VM workloads can immediately take advantage with minimal effort and zero infrastructure changes.
rtkaratekid
Forgive my ignorance, but is XDP faster than DPDK for packet processing? It seems like DPDK has had a lot of work done for hardware optimizations that allow speeds that I can’t recall XDP being able to do. I have not looked too deeply into this though, so I’m very open to being wrong!
shivanshvij
Hi HN, Shivansh (founder) here, happy to answer any questions folks might have about the implementation and the benchmarks!
kosolam
Hey, I can’t browse; the link crashes on iOS.
They say "By the time a packet reaches the TC hook, the kernel has already processed it through various subsystems for routing, firewalling, and even connection tracking." but surely this is also true before it reaches the VETH?