Traffic filtering at scale on Linux

Loading
Timeline Slides Search Info
Loading Click here to add:
Add to notification list

WARNING: the introduction part is missing from the recording, we are sorry for that.

BPF programs are widely known for packet filtering in libpcap (the underlying capture library used by tcpdump and wireshark). One can also use them for performance analysis (perf uses BPF programs), but also for security purposes (seccomp uses BPF as well).

In this talk, we focus on networking and dive into BPF bytecode. First, we will have a look on the available toolchains and API. Then we will jump into actual BPF programs and figure how eBPF can be leveraged to perform traffic filtering using several mechanism amongst socket filtering API, iptables and tc. Finally, we will scratch the surface of XDP capabilities. 

François Serman 
François filters large numbers of packets and automate things at OVH.

Other media in the channel "2018"

83 views, 2 this month Glassfish from (IN)Secure admin July 6th, 2018
145 views, 1 this month Shadow on the Wall - Risks and Flaws with Shadowsocks July 6th, 2018
47 views Open Hardware for (software) offensive security July 6th, 2018
34 views Freedom Fighting Mode - Open Source Hacking Harness July 6th, 2018
67 views, 2 this month Expl-iot: IoT Security Testing Framework July 6th, 2018
21 views Io(M)T Security: A year in review July 6th, 2018