Traffic filtering at scale on Linux

Keyboard shortcuts

Key

Action

K or space

Play / Pause

Mute / Unmute

Select next subtitles

Select next audio track

Show slide in full page or toggle automatic source change

left arrow

Seek 5s backward

right arrow

Seek 5s forward

shift + left arrow or J

Seek 10s backward

shift + right arrow or L

Seek 10s forward

control + left arrow

Seek 60s backward

control + right arrow

Seek 60s forward

shift + down arrow

Decrease volume

shift + up arrow

Increase volume

shift + coma

Decrease playback speed

shift + dot or shift + semicolon

Increase playback speed

end

Seek to end

beginning

Seek to beginning

Loading Click here to add:

Information on this media

Creation date:

July 3rd, 2018, 9 a.m.

Add date:

July 4th, 2018, 1:25 p.m.

Number of views:

104 (this month: 2)

Speaker:

François Serman

License:

CC BY-SA v4

Visibility:

This media is published

Description

WARNING: the introduction part is missing from the recording, we are sorry for that.

BPF programs are widely known for packet filtering in libpcap (the underlying capture library used by tcpdump and wireshark). One can also use them for performance analysis (perf uses BPF programs), but also for security purposes (seccomp uses BPF as well).

In this talk, we focus on networking and dive into BPF bytecode. First, we will have a look on the available toolchains and API. Then we will jump into actual BPF programs and figure how eBPF can be leveraged to perform traffic filtering using several mechanism amongst socket filtering API, iptables and tc. Finally, we will scratch the surface of XDP capabilities.

François Serman
François filters large numbers of packets and automate things at OVH.