- Apr 25, 2015
Hello dear Ciphers (or R4P3 for the old timers) members.
Today I would like to talk about what I think will be the future of networking and firewall solutions on Linux.
eBPF (Enhanced/Extended Berkeley Packet Filter) and XDP (eXpress Data Path)
Originally, the Berkeley Packet Filter was designed for capturing and filtering network packets on a register-based in-kernel virtual machine. Even though the job of classic BPF is to deal with network traffic, since Linux kernel version 4.4 we have been introduced to a new in-kernel VM that can attach to any kernel event or any socket. It can run simple programs with built-in security measures. It basically allows you to load a program from user space into the Linux kernel (aka GOD MODE ON LINUX).
And what is XDP?
It is a programmable, high-performance packet processor in the Linux networking data path, with the ability to process packets at the lowest point in the kernel without any special hardware requirements. It even allows you to process the packets on ARM processors on new NICs with compatible drivers.
Even though eBPF and XDP are new technologies and still being developed, we can already see the great potential in them. It can drop up to 20 million packets per second per CPU, which is a great step towards DoS/DDoS mitigation.
Now I would like to drop a few YouTube videos here for you guys to watch and some documents for you to understand it better.
eBPF and XDP for Processing Packets at Bare-metal Speed - Sematext
Learn about the fundamental building blocks of the packet processing ecosystem & why creating XDP programs is painless due to the programmable nature of eBPF/XDP.
sematext.com
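Added example, not part of the original post or the linked article: a userspace C model of the drop decision an XDP program makes for DoS mitigation, run on constructed frames. The blocked prefix, the function names and the sample frames are assumptions; a real XDP program applies the same checks to the packet bounds the kernel hands it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same numeric values as the kernel's enum xdp_action. */
enum { XDP_DROP = 1, XDP_PASS = 2 };
#define ETH_HDR_LEN 14
#define IP4_MIN_HDR 20
#define PROTO_UDP   17
/* Assumed policy: drop UDP from 198.51.100.0/24 (a documentation range). */
#define BLOCK_NET  0xC6336400u
#define BLOCK_MASK 0xFFFFFF00u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* data/data_end play the role of the packet bounds an XDP program gets.
 * Each header is bounds-checked before it is read, which is what the
 * in-kernel verifier insists on before it will load a program. */
int xdp_verdict(const uint8_t *data, const uint8_t *data_end) {
    if (data_end - data < ETH_HDR_LEN) return XDP_PASS;           /* runt frame */
    if (data[12] != 0x08 || data[13] != 0x00) return XDP_PASS;    /* not IPv4 */
    const uint8_t *ip = data + ETH_HDR_LEN;
    if (data_end - ip < IP4_MIN_HDR) return XDP_PASS;             /* truncated header */
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0F) < 5) return XDP_PASS; /* malformed */
    if (ip[9] != PROTO_UDP) return XDP_PASS;                      /* only UDP is filtered */
    if ((be32(ip + 12) & BLOCK_MASK) == BLOCK_NET) return XDP_DROP;
    return XDP_PASS;
}

/* Constructed frame: Ethernet + minimal IPv4 header, source 198.51.<third>.9. */
int sample_verdict(uint8_t third, uint8_t proto, size_t len) {
    uint8_t f[ETH_HDR_LEN + IP4_MIN_HDR] = {0};
    f[12] = 0x08; f[13] = 0x00;          /* EtherType IPv4 */
    f[14] = 0x45;                        /* version 4, IHL 5 */
    f[23] = proto;                       /* IPv4 protocol field */
    f[26] = 198; f[27] = 51; f[28] = third; f[29] = 9;
    return xdp_verdict(f, f + len);
}

int main(void) {
    printf("blocked UDP: %d\n", sample_verdict(100, 17, 34));
    printf("other source: %d\n", sample_verdict(101, 17, 34));
    printf("truncated: %d\n", sample_verdict(100, 17, 20));
    return 0;
}
```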