Combining kTLS and BPF for Introspection and Policy Enforcement

Overview

Explore a technical talk from the Linux Plumbers Conference that delves into combining kernel TLS (kTLS) and Berkeley Packet Filter (BPF) for introspection and policy enforcement. Learn about the current kernel's sockmap BPF architecture for L7 policy enforcement, as well as the ULP and strparser framework used for socket callbacks and message boundary determination. Discover the challenges faced when integrating kTLS with BPF to enable in-kernel introspection and policy enforcement of application data before encryption. Gain insights into various approaches to address ULP layer shortcomings, optimizations for strparser, and the consolidation of scatter/gather processing for kTLS and sockmap. Understand the potential future developments in this area of kernel networking and security.

Syllabus

LPC2018 - Combining kTLS and BPF for Introspection and Policy Enforcement

Taught by

Linux Plumbers Conference

Reviews

Start your review of Combining kTLS and BPF for Introspection and Policy Enforcement

From Zero to Cybersecurity Analyst

Most common

Popular subjects

Popular courses

Combining kTLS and BPF for Introspection and Policy Enforcement

Overview

Syllabus

Taught by

Reviews

From Zero to Cybersecurity Analyst

Taught by

Building Socket-Aware BPF Programs

Cilium's BPF Kernel Datapath Revamped

Socket Termination for Policy Enforcement and Load-Balancing

Program Signing and BPF Policy

Cilium - Kernel Native Security and DDOS Mitigation for Microservices with BPF

HID-BPF

Never Stop Learning.