Deep Packet Inspection: compare the performance of libnetfilter_queue, NF_HOOK and eBPF XDP

Project Description

The objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search):

  • Use the userland libnetfilter_queue facility (along with the netfilter NFQUEUE target)
  • Use an in-kernel custom hook (via NF_HOOK)
  • Use an eBPF XDP filter
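
Added example, not code from the project repository: whichever hook delivers the packet, a layer 4 payload string search first has to find where the payload starts, and the bounds checks are what keep a truncated or malformed packet from causing an out-of-bounds read. The function name, the assumption that the buffer starts at the IPv4 header, and the sample packet are all illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Search the TCP/UDP payload of a raw IPv4 packet for needle.
 * Returns 1 on match, 0 on no match, -1 if the packet is truncated,
 * malformed, a non-first fragment, or not TCP/UDP. */
int l4_payload_contains(const uint8_t *pkt, size_t len,
                        const char *needle, size_t nlen)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* IPv4 header length */
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];  /* IPv4 total length  */
    if (ihl < 20 || tot < ihl || tot > len)
        return -1;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)   /* fragment offset    */
        return -1;
    const uint8_t *l4 = pkt + ihl;
    size_t avail = tot - ihl, hdr;
    if (pkt[9] == 6 && avail >= 20)               /* TCP: data offset   */
        hdr = (size_t)(l4[12] >> 4) * 4;
    else if (pkt[9] == 17 && avail >= 8)          /* UDP: fixed header  */
        hdr = 8;
    else
        return -1;
    if ((pkt[9] == 6 && hdr < 20) || hdr > avail) /* bogus TCP offset   */
        return -1;
    const uint8_t *pay = l4 + hdr;
    size_t plen = avail - hdr;
    for (size_t i = 0; nlen > 0 && i + nlen <= plen; i++)
        if (memcmp(pay + i, needle, nlen) == 0)
            return 1;
    return 0;
}

/* Constructed sample: IPv4 + TCP (source port 0x3039) + "GET /index.html". */
static const uint8_t sample_pkt[] = {
    0x45, 0, 0, 55, 0, 1, 0x40, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2,
    0x30, 0x39, 0, 80, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x18, 0xff, 0xff, 0, 0, 0, 0,
    'G', 'E', 'T', ' ', '/', 'i', 'n', 'd', 'e', 'x', '.', 'h', 't', 'm', 'l'
};

int main(void)
{
    printf("index: %d, admin: %d\n",
           l4_payload_contains(sample_pkt, sizeof sample_pkt, "index", 5),
           l4_payload_contains(sample_pkt, sizeof sample_pkt, "admin", 5));
    return 0;
}
```

The source port bytes 0x30 0x39 are the ASCII string "09", so a search for "09" distinguishes a payload-only search from one that also scans the headers.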

Performance will be measured with two metrics:

  • response time
  • throughput

Goal for this Hackweek

  • Develop the 3 use cases (simple programs)
  • Create a simple benchmark to compare the 3 use cases
  • Obtain metrics for response times and throughput for the 3 use cases.

Resources

  • https://netfilter.org/projects/libnetfilter_queue/index.html
  • https://linux-kernel-labs.github.io/refs/heads/master/labs/networking.html#netfilter-1
  • https://en.wikipedia.org/wiki/ExpressDataPath

Code Repository

  • https://github.com/susenguyen/Hackweek_23

Looking for hackers with the skills:

c ebpf netfilter

This project is part of:

Hack Week 23

Activity

  • 10 months ago: nguyens started this project.
  • 10 months ago: nguyens originated this project.

  • Comments

    • feih
      9 months ago by feih

      This could be interesting for the NeuVector engineering team; I could connect you to the network filter engineers if it makes sense.

    • nguyens
      9 months ago by nguyens

      Thanks, sure. Let me know if you'd like me to report my results to anyone.