@inproceedings{a4f7443234ac4eb59e5d0c4a95a5d297,
title = "Performance implications of packet filtering with linux eBPF",
abstract = "Firewall capabilities of operating systems are traditionally provided by inflexible filter routines or hooks in the kernel. These require privileged access to be configured and are not easily extensible for custom low-level actions. Since Linux 3.0, the Berkeley Packet Filter (BPF) allows user-written extensions in the kernel processing path. The successor, extended BPF (eBPF), improves flexibility and is realized via a virtual machine featuring both a just-in-time (JIT) compiler and an interpreter running in the kernel. It executes custom eBPF programs supplied by the user, effectively moving kernel functionality into user space. We present two case studies on the usage of Linux eBPF. First, we analyze the performance of the eXpress Data Path (XDP). XDP uses eBPF to process ingress traffic before the allocation of kernel data structures which comes along with performance benefits. In the second case study, eBPF is used to install application-specific packet filtering configurations acting on the socket level. Our case studies focus on performance aspects and discuss benefits and drawbacks.",
keywords = "EBPF, Linux, Performance Measurement, XDP",
author = "Dominik Scholz and Daniel Raumer and Paul Emmerich and Alexander Kurtz and Krzysztof Lesiak and Georg Carle",
note = "Publisher Copyright: {\textcopyright} 2018 ITC Press.; 30th International Teletraffic Congress, ITC 2018 ; Conference date: 04-09-2018 Through 07-09-2018",
year = "2018",
month = oct,
day = "15",
doi = "10.1109/ITC30.2018.00039",
language = "English",
series = "Proceedings of the 30th International Teletraffic Congress, ITC 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "209--217",
editor = "Eitan Altman and Giuseppe Bianchi and Thomas Zinner",
booktitle = "Proceedings of the 30th International Teletraffic Congress, ITC 2018",
}