Deep Packet Inspection: compare the performance between libnetfilter_queue, NF_HOOK and eBPF XDP
an invention by nguyens
Updated 6 months ago. 2 hacker ♥️. 2 followers.

Deep Packet Inspection: compare the performance between libnetfilterqueue, NFHOOK and eBPF XDP

Project Description

The objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search):

  • Use the userland libnetfilter_queue facility (along with the netfilter NFQUEUE target)
  • Use an in-kernel custom hook (via NF_HOOK)
  • Use an eBPF XDP filter

Performance will be measured with two metrics: - response time - throughput

Goal for this Hackweek

  • Develop the 3 use cases (simple programs)
  • Create a simple benchmark to compare the 3 use cases
  • Obtain metrics for response times and throughput for the 3 use cases.

Resources

Code Repository

Looking for hackers with the skills:

c ebpf netfilter

This project is part of:

Hack Week 23

Activity

  • 6 months ago: tracy.walker liked this project.
  • 6 months ago: feih liked this project.
  • 7 months ago: nguyens started this project.
  • 7 months ago: nguyens removed keyword kerneldevelopment from this project.
  • 7 months ago: nguyens added keyword "c" to this project.
  • 7 months ago: nguyens added keyword "kerneldevelopment" to this project.
  • 7 months ago: nguyens added keyword "ebpf" to this project.
  • 7 months ago: nguyens added keyword "netfilter" to this project.
  • 7 months ago: nguyens originated this project.


    • Comments

    • feih
      6 months ago by feih | Reply

      This could be interesting for NeuVector engineering team, I could connect you to the network filter engineers if it makes sense.

    • nguyens
      6 months ago by nguyens | Reply

      Thanks sure. Let me know if you'd like me to report my results to anyone

    Similar Projects

    Extract generic testing framework from Linux Test Project code base by acervesato

    Project Description

    The Linux Test Projec...

    Vulkan Widget for GTK by yudaike

    [comment]: # (Please use the project descriptio...

    Avahi Integration and Network Connection by vojha

    Avahi Integration and Network Connection

    ...

    Port OTPClient to GTK >= 4.12 by pstivanin

    Project Description

    OTPClient is currentl...

    The Missing Middle: Add an intermediate brightness setting for auxiliary LEDs in Andúril 2 by gkenion

    [comment]: # (Please use the project descriptio...

    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...