[draft] docs(plans): DPDK userspace-networking integration plan (Phase 1)

[skullcrushercmd]

Phase 1 — Design + plan only. No engine C code changes.

Phase 2 implementation is gated on explicit user/orchestrator approval after this plan PR merges. Drafted as part of anygpt-47.

Why

PR #65 landed an AF_XDP integration plan; PR #71 wired the build flag through. The subsequent c6in.metal bench (recorded in memory `anyscan_afxdp_ena_constraint`) showed AWS ENA on kernel ≤6.12.74 forces `drv+copy` (not `drv+zerocopy`), capping the eight-NIC c6in.metal at ~22 M pps aggregate — 2.66× the AF_PACKET baseline but only 22-44% of the AF_XDP plan's 30-50 M pps projection.

PR #63's earlier DPDK scope memo deferred this work on the premise that AF_XDP would clear the throughput target without owning a scanner fork. That premise is invalidated.

DPDK via `vfio-pci` bypasses the ENA kernel driver entirely — no `XDP_ZEROCOPY` cooperation, no `sendto(MSG_DONTWAIT)` wakeup kicks, no kernel-channel constraint. Realistic projection on c6in.metal: 50-100 M pps.

The fork half is also already done — `AnyVM-Tech/anyscan-engine-c` exists (PR #65 / #71 work landed there) and already has a working `io_engine_vtable_t` dispatch with three slots (`af_packet`, `pfring_zc`, `af_xdp`). DPDK slots into the same shape.

What this PR adds

A single new file: `plans/2026-04-28-portscan-dpdk-impl-v1.md` (690 lines).

The plan is comprehensive and mergeable as a reference doc — the user has it in-tree without committing to implementation.

Sections (mirrors PR #65's AF_XDP plan structure):

• §1 Problem and goal — why DPDK now, given the AF_XDP bench result.
• §2 What exists today — vtable dispatch surface in `anyscan-engine-c`, packet-construction surface, BlackRock+rate-limit invariants, AnyScan invocation chain.
• §3 Proposed architecture — file layout (engine repo + AnyScan repo, with detailed LOC estimates), architecture diagram, vtable slot, EAL bring-up sequencing (the non-trivial part), per-thread setup, TX/RX burst loops, ENA/AWS specifics, build-system integration, full AnyScan-side wire-up (mirroring PR fix(build): wire ANYSCAN_USE_AF_XDP=1 through install-external-deps + package-worker-bundle + deploy #71), NIC-binding decision (the question the brief explicitly asked).
• §4 Dependency surface — `libdpdk-dev`, runtime packages, kernel feature checks (`vfio-pci`, hugepages, librte_eal probe), capabilities (`CAP_SYS_RAWIO`/`CAP_IPC_LOCK`/`CAP_NET_ADMIN`), hugepages + `vfio-pci` install-time prerequisites.
• §5 Test plan — synthetic loopback (`net_pcap` PMD or vmxnet3-paired VMs), unit-style verification, live c6in.metal bench, fallback regression, bind/unbind regression, adapter integration, `tools/test-install-external-deps-dpdk.sh` mirror of PR fix(build): wire ANYSCAN_USE_AF_XDP=1 through install-external-deps + package-worker-bundle + deploy #71.
• §6 Risk register — 11 risks with likelihood/impact/mitigation, including `vfio-pci` bind failure, ENA PMD bugs, hugepages exhaustion, missing `--gateway-mac` (DPDK has no kernel ARP), systemd cap drift, EAL argv passthrough, AIMD ceiling coordination with anygpt-33.
• §7 Effort estimate — 12-15 days implementation, ~3-4 weeks total. Compared to PR docs(plans): AF_XDP integration plan for higher pps (Phase 1) #65's 6-8 days for AF_XDP — DPDK is ~2× because EAL bring-up + host setup script + larger LOC envelope. Matches PR [draft] chore(plans): DPDK scope assessment — defer for now #63's "2-3 weeks of focused work" + the AnyScan-side wire-up that PR [draft] chore(plans): DPDK scope assessment — defer for now #63 flagged but didn't budget (PR fix(build): wire ANYSCAN_USE_AF_XDP=1 through install-external-deps + package-worker-bundle + deploy #71 was a separate ~700-LOC PR three weeks after the original AF_XDP plan).
• §8 Rollout plan — 8 small Phase 2 PRs (engine repo + AnyScan repo split), bench memo PR, manual canary, gradual default-on per tier, AnyGPT submodule bump.
• §9 Open questions (deliberately not blocking this plan PR) — multi-NIC EAL argv shape, DPDK+AF_XDP coexistence, 1 GB vs 2 MB hugepages, DPDK PMD version pinning, ENA quirks, optional `--arp-resolve` helper.
• §10 References — DPDK Programmer's Guide, ENA PMD docs, `dpdk-devbind.py` source, `vfio-pci` Linux GSG, PR [draft] chore(plans): DPDK scope assessment — defer for now #63 / docs(plans): AF_XDP integration plan for higher pps (Phase 1) #65 / fix(build): wire ANYSCAN_USE_AF_XDP=1 through install-external-deps + package-worker-bundle + deploy #71 cross-refs, engine repo file:line citations.

NIC-binding decision (the question the brief asked)

Recommendation: dedicated-DPDK-NIC.

• agentd needs kernel networking on eth0 for control-plane heartbeat / remote-update / journal shipping. Binding eth0 to `vfio-pci` would cut the worker off from the orchestrator.
• c6in.metal already has 8 ENIs. eth1..eth7 are scan-only; binding seven NICs to `vfio-pci` while leaving eth0 on the kernel is a clean partition. No new NICs need to be added.
• Single-NIC tiers are explicitly not eligible for DPDK in v1. Skip rule lives in `tools/setup-dpdk.sh` (refuses to bind eth0 or the only NIC) AND in `install-worker-bundle.sh::probe_dpdk_runtime_available` (sets `ANYSCAN_DPDK_AVAILABLE=false` when NIC count < 2). Degrades cleanly to AF_XDP/AF_PACKET on those tiers — no operator-visible failure.
• Bind-at-runtime would force a complex "swap eth1 from kernel to DPDK then back" dance for every scan, with the kernel routing table changing under live agentd. Not worth the complexity.

§3.11 has the full reasoning.

LOC estimate

Component	Est. LOC
Engine repo (`anyscan-engine-c`): `send-dpdk.c` + `recv-dpdk.c` + `dpdk-eal.c` + `dpdk-defs.h` + vtable / Makefile / CLI deltas	~1,100
AnyScan repo: `tools/setup-dpdk.sh` + 5 modified scripts + adapter Python + 1 new bash test	~765
Grand total Phase 2	~1,865

~3.2× the scope of PR #65's AF_XDP plan (580 LOC). The brief's framing ("highest theoretical ceiling but the largest engineering scope") matches.

Coordination

• ✅ Stayed out of `anyscan_rate_controller.py` (anygpt-33 owns it). §6 risk register flags one item that needs anygpt-33 coordination during Phase 2 (AIMD ceiling parameter — the DPDK ceiling is higher than AF_XDP's, so this risk is more acute).
• ✅ Did not touch `/etc/anyscan/runtime.env` or anything ops-owned.
• ✅ Did not touch the AnyGPT submodule pointer.
• ✅ Did not modify the engine repo (anyscan-engine-c) in this PR.

Out of scope (explicit)

• Writing the DPDK C code (Phase 2).
• Bumping the AnyGPT submodule pointer.
• Editing prod systemd units or `runtime.env`.
• Modifying `anyscan-engine-c` source.

Reviewer ask

Please verify:

1. The plan is comprehensive enough that a Phase 2 worker can execute task-by-task without needing additional context.
2. The NIC-binding decision (§3.11) is acceptable — if not, the open question to re-litigate is whether DPDK becomes viable on smaller-tier instances via runtime bind/unbind.
3. The ~3-4 week effort envelope is the right sizing call for the 50-100 M pps payoff vs. AF_XDP's confirmed ~22 M pps.
4. §3.4's EAL argv passthrough convention (`-- -l 0-7 --socket-mem ...`) is acceptable, vs alternatives like a single `--dpdk-eal-args="-l 0-7 --socket-mem ..."` flag.

Disposition

Draft. Do not merge until review approval.

Close + delete branch if a different path (e.g. host-tier change instead of DPDK) is chosen.

Promote to non-draft once review feedback is addressed.

🤖 Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d0ddceef64

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve argv[0] when passing EAL args to rte_eal_init

This sequencing drops the program-name element from the EAL argv: after splitting on --, the EAL slice starts at -l (per the example), but rte_eal_init(argc, argv) expects an argv shaped like a normal main() argument vector with argv[0] present. If implemented as written, EAL option parsing can skip/mis-handle the first flag and lead to wrong core/device selection or init failure in DPDK mode.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Use installable Ubuntu DPDK runtime package names

The runtime install command uses libdpdk23 (and later libdpdk21), but Ubuntu’s DPDK runtime is packaged as dpdk plus split librte-* runtime libraries (with libdpdk-dev for build-time). Following this plan as-is will make apt-get install fail on the worker path, which then prevents the DPDK availability probe from succeeding and blocks the feature rollout.

Useful? React with 👍 / 👎.