Speedrun through Splicing Sockets with Sockmap

Wednesday, 11 October, 2023 - 14:0014:40

Jakub Sitnicki, Cloudflare Inc.


Network proxies have one thing in common. They push data from one side to the other. If the proxy doesn’t touch the data, then it is desirable to offload the job of moving data from one network socket to another to the operating system.

Under Linux, applications can pipe data in batches between sockets with the splice() syscall. However this is not the only way to splice two sockets together!

Linux also offers another way to push packets between two TCP sockets without exiting to user-space, called sockmap. The mechanism is powered by the built-in logic built in the core network stack and a couple of BPF-based components to drive the operation.

In this talk we will go over everything a user needs to know to get started using BPF sockmap. We will also discuss sockmap features, internal design, as well as its caveats and limitations.

Jakub Sitnicki, Cloudflare Inc.

Jakub is a contributor to the networking and BPF subsystems in the Linux kernel. He is also a co-maintainer of the Linux BPF L7 framework, aka sockmap. At Cloudflare he is part of the team which maintains the company’s internal Linux kernel.

@conference {292151,
author = {Jakub Sitnicki},
title = {Speedrun through Splicing Sockets with Sockmap},
year = {2023},
address = {Dublin},
publisher = {USENIX Association},
month = oct