author | magenbluten <magenbluten@emptyspac.ee> | 2019-11-11 07:57:30 +0100 |
---|---|---|
committer | magenbluten <magenbluten@emptyspac.ee> | 2019-11-17 17:20:23 +0100 |
commit | af808bd826c54b13a39e6538d7b5b655de0f3ae3 (patch) | |
tree | c7f379d05cfb5fde868f22368492f48697a32513 /pkgs/os-specific | |
parent | 1a2415e9a9060000efe09b5ebcaee448a8dfd11a (diff) | |
linux config: add support for xdp sockets and ebpf jit
xdp socket support (AF_XDP) is the new way of implementing high performance networking on linux. on arch linux and debian this is already enabled (checked via the links from the nixos manual). moreover, these flags are suggested by the bpf documentation at cilium: https://cilium.readthedocs.io/en/latest/bpf/#compiling-the-kernel additionally the flag `BPF_JIT_ALWAYS_ON` was suggested to help with spectre attack mitigations: https://github.com/torvalds/linux/commit/290af86629b25ffd1ed6232c4e9107da031705cb
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 736e872f1baf..f3b9cce2ff4d 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -24,6 +24,13 @@ let
 # configuration items have to be part of a subattrs
 flattenKConf = nested: mapAttrs (_: head) (zipAttrs (attrValues nested));
+ whenPlatformHasEBPFJit =
+ mkIf (stdenv.hostPlatform.isAarch32 ||
+ stdenv.hostPlatform.isAarch64 ||
+ stdenv.hostPlatform.isx86_64 ||
+ (stdenv.hostPlatform.isPowerPC && stdenv.hostPlatform.is64bit) ||
+ (stdenv.hostPlatform.isMips && stdenv.hostPlatform.is64bit));
+
 options = {
 debug = {
@@ -106,7 +113,12 @@ let
 IP_DCCP_CCID3 = no; # experimental
 CLS_U32_PERF = yes;
 CLS_U32_MARK = yes;
- BPF_JIT = mkIf (stdenv.hostPlatform.system == "x86_64-linux") yes;
+ BPF_JIT = whenPlatformHasEBPFJit yes;
+ BPF_JIT_ALWAYS_ON = whenPlatformHasEBPFJit yes;
+ HAVE_EBPF_JIT = whenPlatformHasEBPFJit yes;
+ BPF_STREAM_PARSER = whenAtLeast "4.19" yes;
+ XDP_SOCKETS = whenAtLeast "4.19" yes;
+ XDP_SOCKETS_DIAG = whenAtLeast "4.19" yes;
 WAN = yes;
 # Required by systemd per-cgroup firewalling
 CGROUP_BPF = option yes; |
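Review bot: `whenPlatformHasEBPFJit` has no comment saying where its architecture list comes from, yet the second hunk uses it to decide where `BPF_JIT_ALWAYS_ON` removes the interpreter fallback. A short comment above the binding would help, for example `# architectures whose Kconfig selects HAVE_EBPF_JIT; keep in sync with the kernel`. The predicate also ignores the kernel version, so on older kernels where one of these architectures only had the classic BPF JIT the guard would presumably still be true. That is an inference from the visible lines, since the enclosing `let` block and the version helpers are defined outside the hunk.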
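Review bot: `BPF_JIT_ALWAYS_ON` and `HAVE_EBPF_JIT` are guarded only by platform, while the three options added below them are version-gated, so older kernels that lack these symbols may have them rejected as unused during config generation. `HAVE_EBPF_JIT` has, as far as I know, no prompt in Kconfig (the architecture selects it), so that line likely has no effect and could be dropped. For the Spectre-motivated option, something like `BPF_JIT_ALWAYS_ON = whenAtLeast "4.15" (whenPlatformHasEBPFJit yes);` would tie it to kernels that carry the linked commit, provided nested `mkIf` composes here. The 4.15 figure is my reading of when it landed in mainline, and stable backports exist. `XDP_SOCKETS_DIAG` may also be newer than 4.19 and is worth checking against the Kconfig of the oldest gated kernel.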