Traffic filtering at scale on Linux

WARNING: the introduction is missing from the recording; we are sorry for that.

BPF programs are widely known for packet filtering in libpcap (the underlying capture library used by tcpdump and Wireshark). They are also used for performance analysis (perf uses BPF programs) and for security purposes (seccomp uses BPF as well).

In this talk, we focus on networking and dive into BPF bytecode. First, we will look at the available toolchains and APIs. Then we will jump into actual BPF programs and figure out how eBPF can be leveraged to perform traffic filtering using several mechanisms, among them the socket filtering API, iptables and tc. Finally, we will scratch the surface of XDP capabilities.

François Serman 
François filters large numbers of packets and automates things at OVH.