Networking

Introduction

I’ve been working on a new project that required high-performance UDP load balancing with dynamic weight adjustment. Traditional userspace load balancers introduce latency that’s unacceptable for our use case, so I decided to implement a kernel-level solution using eBPF (extended Berkeley Packet Filter).

The result is ebpflb_udp_wrr, an eBPF-based UDP load balancer that distributes incoming UDP traffic to local listeners using a weighted round-robin algorithm.

Why eBPF and XDP?

eBPF has revolutionized how we can extend kernel functionality without writing kernel modules or modifying the kernel source. Combined with XDP (eXpress Data Path), we can process packets at the earliest possible point in the networking stack—right when they arrive at the network interface—minimizing latency.

A Networking Mystery

Over the past two days, I found myself conducting a complete forensic analysis of my network. Something unexpected had changed the IP address of my main host’s bridge0 interface. Given that a critical React Server Components vulnerability had been released (GHSA-fv66-9v8q-g76r), and I had recently deployed several new Docker containers—some with access to the host Docker socket (I know, not ideal)—I immediately suspected a compromise.

The situation felt serious. By sheer luck, changing the bridge interface address cut all network access to my homelab, which at least contained the potential damage. I examined every Docker image on the system, but found nothing suspicious.