[PDF][PDF] Accelerating linux security with ebpf iptables
Nowadays, the traditional security features of a Linux system are centered on iptables, which
has been the most used packet filtering mechanism in the Linux kernel for almost 20+ years …
has been the most used packet filtering mechanism in the Linux kernel for almost 20+ years …
Securing Linux with a faster and scalable iptables
The sheer increase in network speed and the massive deployment of containerized
applications in a Linux server has led to the consciousness that iptables, the current de-facto …
applications in a Linux server has led to the consciousness that iptables, the current de-facto …
Extended berkeley packet filter: An application perspective
H Sharaf, I Ahmad, T Dimitriou - IEEE Access, 2022 - ieeexplore.ieee.org
The extended Berkeley Packet Filter (eBPF) is a lightweight and fast 64-bit RISC-like virtual
machine (VM) inside the Linux kernel. eBPF has emerged as the most promising and de …
machine (VM) inside the Linux kernel. eBPF has emerged as the most promising and de …
[图书][B] Linux firewalls: Enhancing security with nftables and beyond
S Suehring - 2015 - books.google.com
The Definitive Guide to Building Firewalls with Linux As the security challenges facing Linux
system and network administrators have grown, the security tools and techniques available …
system and network administrators have grown, the security tools and techniques available …
Performance implications of packet filtering with linux ebpf
Firewall capabilities of operating systems are traditionally provided by inflexible filter
routines or hooks in the kernel. These require privileged access to be configured and are not …
routines or hooks in the kernel. These require privileged access to be configured and are not …
Creating complex network services with ebpf: Experience and lessons learned
The extended Berkeley Packet Filter (eBPF) is a recent technology available in the Linux
kernel that enables flexible data processing. However, so far the eBPF was mainly used for …
kernel that enables flexible data processing. However, so far the eBPF was mainly used for …
Synthesizing safe and efficient kernel extensions for packet processing
Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-
processing functionality in the Linux operating system. BPF allows users to write code in …
processing functionality in the Linux operating system. BPF allows users to write code in …
P4Knocking: Offloading host-based firewall functionalities to the network
The introduction of Software-Defined Networks (SDN) and the evolution towards
programmable data planes bring the opportunity to offload several functions to the data …
programmable data planes bring the opportunity to offload several functions to the data …
Lbm: A security framework for peripherals within the linux kernel
Modern computer peripherals are diverse in their capabilities and functionality, ranging from
keyboards and printers to smartphones and external GPUs. In recent years, peripherals …
keyboards and printers to smartphones and external GPUs. In recent years, peripherals …
Randomization can't stop BPF JIT spray
E Reshetova, F Bonazzi, N Asokan - … August 21–23, 2017, Proceedings 11, 2017 - Springer
Abstract The Linux kernel Berkeley Packet Filter (BPF) and its Just-In-Time (JIT) compiler are
actively used in various pieces of networking equipment where filtering speed is especially …
actively used in various pieces of networking equipment where filtering speed is especially …