Deep Packet Inspection: compare the performance between libnetfilter_queue, NF_HOOK and eBPF XDP
an invention by nguyens
Updated almost 2 years ago. 2 hacker ♥️. 2 followers.

Deep Packet Inspection: compare the performance between libnetfilterqueue, NFHOOK and eBPF XDP

Project Description

The objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search):

  • Use the userland libnetfilter_queue facility (along with the netfilter NFQUEUE target)
  • Use an in-kernel custom hook (via NF_HOOK)
  • Use an eBPF XDP filter

Performance will be measured with two metrics: - response time - throughput

Goal for this Hackweek

  • Develop the 3 use cases (simple programs)
  • Create a simple benchmark to compare the 3 use cases
  • Obtain metrics for response times and throughput for the 3 use cases.

Resources

  • https://netfilter.org/projects/libnetfilter_queue/index.html
  • https://linux-kernel-labs.github.io/refs/heads/master/labs/networking.html#netfilter-1
  • https://en.wikipedia.org/wiki/ExpressDataPath

Code Repository

  • https://github.com/susenguyen/Hackweek_23

Looking for hackers with the skills:

c ebpf netfilter

This project is part of:

Hack Week 23

Activity

  • about 2 years ago: tracy.walker liked this project.
  • about 2 years ago: feih liked this project.
  • about 2 years ago: nguyens started this project.
  • about 2 years ago: nguyens removed keyword kerneldevelopment from this project.
  • about 2 years ago: nguyens added keyword "c" to this project.
  • about 2 years ago: nguyens added keyword "kerneldevelopment" to this project.
  • about 2 years ago: nguyens added keyword "ebpf" to this project.
  • about 2 years ago: nguyens added keyword "netfilter" to this project.
  • about 2 years ago: nguyens originated this project.


    • Comments

    • feih
      about 2 years ago by feih | Reply

      This could be interesting for NeuVector engineering team, I could connect you to the network filter engineers if it makes sense.

    • nguyens
      almost 2 years ago by nguyens | Reply

      Thanks sure. Let me know if you'd like me to report my results to anyone

    Similar Projects

    pudc - A PID 1 process that barks to the internet by mssola

    Description

    As a fun exercise in order to dig deeper into the Linux kernel, its interfaces, the RISC-V architecture, and all the dragons in between; I'm building a blog site cooked like this:

    • The backend is written in a mixture of C and RISC-V assembly.
    • The backend is actually PID1 (for real, not within a container).
    • We poll and parse incoming HTTP requests ourselves.
    • The frontend is a mere HTML page with htmx.

    The project is meant to be Linux-specific, so I'm going to use io_uring, pidfs, namespaces, and Linux-specific features in order to drive all of this.

    I'm open for suggestions and so on, but this is meant to be a solo project, as this is more of a learning exercise for me than anything else.

    Goals

    • Have a better understanding of different Linux features from user space down to the kernel internals.
    • Most importantly: have fun.

    Resources

    Port OTPClient to GTK >= 4.18 by pstivanin

    Project Description

    OTPClient is currently using GTK3 and cannot easily be ported to GTK4. Since GTK4 came out, there have been quite some big changes. Also, there are now some new deprecation that will take effect with GTK5 (and are active starting from 4.10 as warnings), so I need to think ahead and port OTPClient without using any of those deprecated features.

    Goal for this Hackweek

    • fix the last 3 opened issues (https://github.com/paolostivanin/OTPClient/issues/402, https://github.com/paolostivanin/OTPClient/issues/404, https://github.com/paolostivanin/OTPClient/issues/406) and release a new version
    • continue the rewrite from where we left last year
    • if possible, finally close this 6 years old issue: https://github.com/paolostivanin/OTPClient/issues/123