Deep Packet Inspection: compare the performance between libnetfilter_queue, NF_HOOK and eBPF XDP
an invention by nguyens
Updated almost 2 years ago. 2 hacker ♥️. 2 followers.

Deep Packet Inspection: compare the performance between libnetfilterqueue, NFHOOK and eBPF XDP

Project Description

The objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search):

  • Use the userland libnetfilter_queue facility (along with the netfilter NFQUEUE target)
  • Use an in-kernel custom hook (via NF_HOOK)
  • Use an eBPF XDP filter

Performance will be measured with two metrics: - response time - throughput

Goal for this Hackweek

  • Develop the 3 use cases (simple programs)
  • Create a simple benchmark to compare the 3 use cases
  • Obtain metrics for response times and throughput for the 3 use cases.

Resources

  • https://netfilter.org/projects/libnetfilter_queue/index.html
  • https://linux-kernel-labs.github.io/refs/heads/master/labs/networking.html#netfilter-1
  • https://en.wikipedia.org/wiki/ExpressDataPath

Code Repository

  • https://github.com/susenguyen/Hackweek_23

Looking for hackers with the skills:

c ebpf netfilter

This project is part of:

Hack Week 23

Activity

  • almost 2 years ago: tracy.walker liked this project.
  • almost 2 years ago: feih liked this project.
  • about 2 years ago: nguyens started this project.
  • about 2 years ago: nguyens removed keyword kerneldevelopment from this project.
  • about 2 years ago: nguyens added keyword "c" to this project.
  • about 2 years ago: nguyens added keyword "kerneldevelopment" to this project.
  • about 2 years ago: nguyens added keyword "ebpf" to this project.
  • about 2 years ago: nguyens added keyword "netfilter" to this project.
  • about 2 years ago: nguyens originated this project.


    • Comments

    • feih
      almost 2 years ago by feih | Reply

      This could be interesting for NeuVector engineering team, I could connect you to the network filter engineers if it makes sense.

    • nguyens
      almost 2 years ago by nguyens | Reply

      Thanks sure. Let me know if you'd like me to report my results to anyone

    Similar Projects

    pudc - A PID 1 process that barks to the internet by mssola

    Description

    As a fun exercise in order to dig deeper into the Linux kernel, its interfaces, the RISC-V architecture, and all the dragons in between; I'm building a blog site cooked like this:

    • The backend is written in a mixture of C and RISC-V assembly.
    • The backend is actually PID1 (for real, not within a container).
    • We poll and parse incoming HTTP requests ourselves.
    • The frontend is a mere HTML page with htmx.

    The project is meant to be Linux-specific, so I'm going to use io_uring, pidfs, namespaces, and Linux-specific features in order to drive all of this.

    I'm open for suggestions and so on, but this is meant to be a solo project, as this is more of a learning exercise for me than anything else.

    Goals

    • Have a better understanding of different Linux features from user space down to the kernel internals.
    • Most importantly: have fun.

    Resources