- D. Borkmann. 2018. net: add bpfilter. (feb 2018). https://lwn.net/Articles/747504/Google Scholar
- T. Graf. 2018. Why is the kernel community replacing iptables with BPF? (apr 2018). https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptablesGoogle Scholar
- T.V. Lakshman and D. Stiliadis. 1998. High-speed policy-based packet forwarding using efficient multi-dimensional range matching. In ACM SIGCOMM Computer Communication Review, Vol. 28. ACM, 203--214. Google ScholarDigital Library
- S. Miano, M. Bertrone, F. Risso, M. Vásquez Bernal, and M. Tumolo. 2018. Creating Complex Network Service with eBPF: Experience and Lessons Learned. In High Performance Switching and Routing (HPSR). IEEE.Google Scholar
- P. Russell. 1998. The netfilter.org project. (1998). https://netfilter.org/Google Scholar
Index Terms
Accelerating Linux Security with eBPF iptables
Recommendations
Securing Linux with a faster and scalable iptables
The sheer increase in network speed and the massive deployment of containerized applications in a Linux server has led to the consciousness that iptables, the current de-facto firewall in Linux, may not be able to cope with the current requirements ...
Fast In-kernel Traffic Sketching in eBPF
The extended Berkeley Packet Filter (eBPF) is an infrastructure that allows to dynamically load and run micro-programs directly in the Linux kernel without recompiling it.
In this work, we study how to develop high-performance network measurements in ...
Understanding the Security of Linux eBPF Subsystem
APSys '23: Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on SystemsLinux eBPF allows a userspace application to execute code inside the Linux kernel without modifying the kernel code or inserting a kernel module. An in-kernel eBPF verifier pre-verifies any untrusted eBPF bytecode before running it in kernel context. ...
Comments