Turbo-HFT

A Zero-Copy High-Frequency Trading engine running entirely inside the Linux Kernel using eBPF & XDP. Bypasses the OS network stack for microsecond-level latency (~5x faster than user space).

Comment

Inspiration

In the world of High-Frequency Trading (HFT), "Time is Money" is not a cliché, it is a literal equation. A single millisecond of latency can mean the difference between a profitable trade and a missed opportunity. So, I was fascinated by the concept of "Kernel Bypass" techniques used by top trading firms, but most of these solutions rely on expensive, proprietary hardware (FPGA) or complex DPDK setups that completely hijack the network card.

I asked myself, "Can we achieve hardware-like speeds using standard Linux tools?"

That led me to eBPF and XDP. The idea of running a trading strategy directly inside the Network Interface Card (NIC) driver, before the OS even knows a packet has arrived, was too exciting to ignore. I wanted to prove that we could cut out the "middleman" (the Linux TCP/IP stack) and execute trades at the speed of the wire.

How we built it

Turbo-HFT is built on a split-architecture design: a high-performance Data Plane and a flexible Control Plane.

  1. The Kernel Engine Written in C, the core engine attaches to the XDP hook of the network interface. ------ Zero-Copy Processing: It intercepts incoming UDP market data packets. Instead of copying them to memory, it inspects them in place.
  2. Manual Protocol Parsing: Wrote a custom parser to strip Ethernet, IP, and UDP headers to reach the proprietary "Market Payload." Algorithmic Execution: The engine compares the live price against a target stored in a BPF Map. If the conditions are met, it rewrites the packet header (Source to Dest), modifies the payload (Turn "Update" into "Buy"), and reflects it back onto the wire using XDP_TX.
  3. The Command & Control Center Written in Python, the dashboard interacts with the kernel via bpftool and BPF Maps.
  4. Live Configuration: We can update the "Target Price" or toggle a "Kill Switch" in real-time. The Kernel picks up these changes instantly without needing a recompile.
  5. Telemetry: The kernel atomically updates a statistics map (Shares Bought, Capital Spent), which the Python dashboard reads to display a live PnL (Profit and Loss) statement.

Challenges we ran into

Building at the kernel level is not that easy. faced several hurdles:

  • The BPF Verifier: The verifier is strict. Spent hours debugging "Packet Bounds" errors. Every time I accessed a byte of the packet, I had to explicitly prove to the compiler that data + offset < data_end, or the kernel would reject the code for safety reasons.

  • Protocol Arithmetic: Had to implement dynamic quantity scaling (buying more shares when the price is lower). Doing math in the kernel while maintaining valid packet checksums was a complex balancing act.

  • Map Communication: Synchronizing the Python dashboard with the C kernel code was tricky. encountered issues where bpftool required specific HEX formatting for map updates, leading to parsing errors that initially broke our "Kill Switch" feature. solved this by implementing a robust hex-packing routine in Python.

What we learned

  • Every Microsecond Counts: We measured the round-trip time of a standard Python bot (~1500µs) versus our XDP engine (~300µs). Seeing a 5x speedup just by changing where the code runs was a revelation.

  • The Power of Observability: eBPF isn't just for monitoring; it's for action. Being able to hot-patch a running trading strategy via BPF Maps showed us the true flexibility of the Linux kernel.

  • Kernel Safety: We learned to appreciate the BPF Verifier. While frustrating, it ensures that our aggressive optimization hacks can never crash the entire operating system.

Built With

  • bpftool
  • c
  • clang/llvm
  • ebpf
  • ethernet
  • iproute2
  • kernel
  • linux
  • make
  • python
  • raw-sockets
  • udp
  • virtual
  • xdp
Share this project:

Updates