Overview
Explore an innovative eBPF/XDP-based firewall solution for Linux hosts in this conference talk from the Linux Plumbers Conference. Discover how this alternative to traditional iptables offers improved performance, easier policy management, and efficient packet filtering. Learn about the design and implementation using BPF Tables, the logical separation between policy enforcement and configuration data, and the performance benefits compared to iptables. Gain insights into deployment experiences, the use of BPF program arrays for chaining network functions, and a proposal for migrating existing iptables rules to eBPF/XDP-based filtering. Understand how this approach can enhance firewall management, reduce friction between network administrators and application developers, and provide a more efficient packet matching process.
Syllabus
LPC2018 - eBPF / XDP Based Firewall and Packet Filtering
Taught by
Linux Plumbers Conference