Firewall capabilities of operating systems are traditionally provided by inflexible filter routines or hooks in the kernel. These require privileged access to be configured and are not easily extensible for custom low-level actions. Since Linux 3.0, the Berkeley Packet Filter (BPF) allows user-written extensions in the kernel processing path. The successor, extended BPF (eBPF), improves flexibility and is realized via a virtual machine featuring both a just-in-time (JIT) compiler and an interpreter running in the kernel. It executes custom eBPF programs supplied by the user, effectively moving kernel functionality into user space. We present two case studies on the usage of Linux eBPF. First we analyze the performance of the eXpress Data Path (XDP). XDP uses eBPF to process ingress traffic before the allocation of kernel data structures which comes along with performance benefits. In the second case study eBPF is used to install application-specific packet filtering configurations acting on the socket level. Our case studies focus on performance aspects and discuss benefits and drawbacks.
%0 Conference Paper
%1 Scholz18ITC30
%A Scholz, Dominik
%A Raumer, Daniel
%A Emmerich, Paul
%A Kurtz, Alexander
%A Lesiak, Krzysztof
%A Carle, Georg
%B 30th International Teletraffic Congress (ITC 30)
%C Vienna, Austria
%D 2018
%K Session_8:_Network_Architectures_and_Paradigms itc itc30
%T Performance Implications of Packet Filtering with Linux eBPF
%U https://gitlab2.informatik.uni-wuerzburg.de/itc-conference/itc-conference-public/-/raw/master/itc30/Scholz18ITC30.pdf?inline=true
%X Firewall capabilities of operating systems are traditionally provided by inflexible filter routines or hooks in the kernel. These require privileged access to be configured and are not easily extensible for custom low-level actions. Since Linux 3.0, the Berkeley Packet Filter (BPF) allows user-written extensions in the kernel processing path. The successor, extended BPF (eBPF), improves flexibility and is realized via a virtual machine featuring both a just-in-time (JIT) compiler and an interpreter running in the kernel. It executes custom eBPF programs supplied by the user, effectively moving kernel functionality into user space. We present two case studies on the usage of Linux eBPF. First we analyze the performance of the eXpress Data Path (XDP). XDP uses eBPF to process ingress traffic before the allocation of kernel data structures which comes along with performance benefits. In the second case study eBPF is used to install application-specific packet filtering configurations acting on the socket level. Our case studies focus on performance aspects and discuss benefits and drawbacks.
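@comment{Scholz18ITC30: ITC 30 (2018) conference paper on the performance of
packet filtering with Linux eBPF (XDP and socket-level filters).
The fields added-at, biburl, interhash, intrahash and timestamp are BibSonomy
bookkeeping; standard styles ignore unknown fields.
Reviewer note: the abstract states a performance focus and does not mention
the safety checks applied to user-supplied eBPF programs (e.g. the in-kernel
verifier) or the privileges needed to load them, so cite this entry for
performance claims; confirm against the full text before citing it for
security properties.}
@inproceedings{Scholz18ITC30,
  abstract  = {Firewall capabilities of operating systems are traditionally provided by inflexible filter routines or hooks in the kernel. These require privileged access to be configured and are not easily extensible for custom low-level actions. Since Linux 3.0, the Berkeley Packet Filter (BPF) allows user-written extensions in the kernel processing path. The successor, extended BPF (eBPF), improves flexibility and is realized via a virtual machine featuring both a just-in-time (JIT) compiler and an interpreter running in the kernel. It executes custom eBPF programs supplied by the user, effectively moving kernel functionality into user space. We present two case studies on the usage of Linux eBPF. First we analyze the performance of the eXpress Data Path (XDP). XDP uses eBPF to process ingress traffic before the allocation of kernel data structures which comes along with performance benefits. In the second case study eBPF is used to install application-specific packet filtering configurations acting on the socket level. Our case studies focus on performance aspects and discuss benefits and drawbacks.},
  added-at  = {2018-09-12T17:41:00.000+0200},
  address   = {Vienna, Austria},
  author    = {Scholz, Dominik and Raumer, Daniel and Emmerich, Paul and Kurtz, Alexander and Lesiak, Krzysztof and Carle, Georg},
  biburl    = {https://www.bibsonomy.org/bibtex/2e92972aa675548dfad2c0cd2e68c49a5/itc},
  booktitle = {30th International Teletraffic Congress ({ITC} 30)},
  interhash = {3b03fd5ea888a021c4a8344ad093cf62},
  intrahash = {e92972aa675548dfad2c0cd2e68c49a5},
  keywords  = {Session_8:_Network_Architectures_and_Paradigms itc itc30},
  timestamp = {2020-05-24T20:14:34.000+0200},
  title     = {Performance Implications of Packet Filtering with {Linux} {eBPF}},
  url       = {https://gitlab2.informatik.uni-wuerzburg.de/itc-conference/itc-conference-public/-/raw/master/itc30/Scholz18ITC30.pdf?inline=true},
  year      = {2018},
}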