Iptables, which is currently the most common firewall on Linux, has shown several limitations over the years, with scalability as a big concern. This paper reports the first results of a project that aims at creating a (partial) clone of iptables, using the eBPF/XDP technology. This project assumes an unmodified Linux kernel and guarantees full compatibility (in terms of semantics and syntax) with current iptables.

Toward an eBPF-based clone of iptables / Bertrone, Matteo; Miano, Sebastiano; Jianwen, Pi; Risso, FULVIO GIOVANNI OTTAVIO; Tumolo, Massimo. - ELECTRONIC. - (2018). (Paper presented at the conference Netdev 0x12, The Technical Conference on Linux Networking, held in Montreal, Canada, in July 2018).

Toward an eBPF-based clone of iptables

BERTRONE, MATTEO; MIANO, SEBASTIANO; Fulvio Risso; TUMOLO, MASSIMO
2018

Files in this record:
18NetDev-iptables.pdf (open access)
Type: 2. Post-print / Author's Accepted Manuscript
License: PUBLIC - All rights reserved
Size: 1.92 MB
Format: Adobe PDF
Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2712607