Deep Packet Inspection: compare the performance between libnetfilter_queue, NF_HOOK and eBPF XDP
an invention by nguyens
Updated 5 months ago. 2 hacker ♥️. 2 followers.

Deep Packet Inspection: compare the performance between libnetfilterqueue, NFHOOK and eBPF XDP

Project Description

The objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search):

  • Use the userland libnetfilter_queue facility (along with the netfilter NFQUEUE target)
  • Use an in-kernel custom hook (via NF_HOOK)
  • Use an eBPF XDP filter

Performance will be measured with two metrics: - response time - throughput

Goal for this Hackweek

  • Develop the 3 use cases (simple programs)
  • Create a simple benchmark to compare the 3 use cases
  • Obtain metrics for response times and throughput for the 3 use cases.

Resources

Code Repository

Looking for hackers with the skills:

c ebpf netfilter

This project is part of:

Hack Week 23

Activity

  • 6 months ago: tracy.walker liked this project.
  • 6 months ago: feih liked this project.
  • 7 months ago: nguyens started this project.
  • 7 months ago: nguyens removed keyword kerneldevelopment from this project.
  • 7 months ago: nguyens added keyword "c" to this project.
  • 7 months ago: nguyens added keyword "kerneldevelopment" to this project.
  • 7 months ago: nguyens added keyword "ebpf" to this project.
  • 7 months ago: nguyens added keyword "netfilter" to this project.
  • 7 months ago: nguyens originated this project.


    • Comments

    • feih
      6 months ago by feih | Reply

      This could be interesting for NeuVector engineering team, I could connect you to the network filter engineers if it makes sense.

    • nguyens
      6 months ago by nguyens | Reply

      Thanks sure. Let me know if you'd like me to report my results to anyone

    Similar Projects

    Vulkan Widget for GTK by yudaike

    [comment]: # (Please use the project descriptio...

    Extend GObject based introspectable API to libzypp by zbenjamin

    [comment]: # (Please use the project descriptio...

    80-bit floats support on x86_64 for Valgrind by mfranc

    [comment]: # (Please use the project descriptio...

    The Missing Middle: Add an intermediate brightness setting for auxiliary LEDs in Andúril 2 by gkenion

    [comment]: # (Please use the project descriptio...

    Port OTPClient to GTK >= 4.12 by pstivanin

    Project Description

    OTPClient is currentl...

    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...