Deep Packet Inspection: compare the performance between libnetfilter_queue, NF_HOOK and eBPF XDP
an invention by nguyens
an invention by nguyens
Updated
almost 2 years
ago.
2 hacker ♥️.
2 followers.
Deep Packet Inspection: compare the performance between libnetfilterqueue, NFHOOK and eBPF XDP
Project Description
The objective is to benchmark 3 different methods to perform deep packet inspection (layer 4 payload string search):
- Use the userland libnetfilter_queue facility (along with the netfilter NFQUEUE target)
- Use an in-kernel custom hook (via NF_HOOK)
- Use an eBPF XDP filter
Performance will be measured with two metrics: - response time - throughput
Goal for this Hackweek
- Develop the 3 use cases (simple programs)
- Create a simple benchmark to compare the 3 use cases
- Obtain metrics for response times and throughput for the 3 use cases.
Resources
- https://netfilter.org/projects/libnetfilter_queue/index.html
- https://linux-kernel-labs.github.io/refs/heads/master/labs/networking.html#netfilter-1
- https://en.wikipedia.org/wiki/ExpressDataPath
Code Repository
- https://github.com/susenguyen/Hackweek_23
This project is part of:
Hack Week 23
Activity
Comments
Similar Projects
pudc - A PID 1 process that barks to the internet by mssola
Description
As a fun exercise in order to dig deeper into the Linux kernel, its interfaces, the RISC-V architecture, and all the dragons in between; I'm building a blog site cooked like this:
- The backend is written in a mixture of C and RISC-V assembly.
- The backend is actually PID1 (for real, not within a container).
- We poll and parse incoming HTTP requests ourselves.
- The frontend is a mere HTML page with htmx.
The project is meant to be Linux-specific, so I'm going to use io_uring, pidfs, namespaces, and Linux-specific features in order to drive all of this.
I'm open for suggestions and so on, but this is meant to be a solo project, as this is more of a learning exercise for me than anything else.
Goals
- Have a better understanding of different Linux features from user space down to the kernel internals.
- Most importantly: have fun.
Resources