
Bpfilter (and user-mode blobs) for 4.18


Posted May 30, 2018 22:15 UTC (Wed) by Sesse (subscriber, #53779)
In reply to: Bpfilter (and user-mode blobs) for 4.18 by iabervon
Parent article: Bpfilter (and user-mode blobs) for 4.18

C that does what the BPF does. Especially for a complicated firewall rule (e.g. anything that has to parse the IP option header chain), it would be a fair amount of code for each rule. Similarly, people are pushing a lot of what used to be security modules into BPF, and so on, so it'd be interesting to know approximately what the overhead is.



Bpfilter (and user-mode blobs) for 4.18

Posted May 31, 2018 8:34 UTC (Thu) by gdamjan (subscriber, #33634)

> The core motivation behind bpfilter is performance. An in-kernel, general-purpose packet filter must necessarily offer a wide range of features; any given site will probably only use a small subset of those features. The result is a lot of unused code and time spent checking for whether a given feature is in use, slowing the whole thing down. A packet-filtering configuration expressed as a BPF program, instead, contains only the code needed to implement the desired policy. Once that code is translated to native code by the just-in-time compiler, it should be both compact and fast. The networking developers hope that it will be fast enough to win back some of the users who have moved to proprietary user-space filtering implementations.

Bpfilter (and user-mode blobs) for 4.18

Posted May 31, 2018 10:41 UTC (Thu) by Sesse (subscriber, #53779)

That's a whole lot of assertion without any benchmarks to back it up.

