Model checking the BPF verifieran invention by shunghsiyu Project DescriptionBPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier has lead to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490). |
Deep Packet Inspection: compare the performance between libnetfilter_queue, NF_HOOK and eBPF XDPan idea by nguyens Project DescriptionThe objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search): |