Archivio Istituzionale della RicercaIptables, which is currently the most common firewall on Linux, has shown several limitations over the years, with scalability as a big concern. This paper reports the first results of a project that aims at creating a (partial) clone of iptables, using the eBPF/XDP technology. This project assumes unmodified Linux kernel and guarantees the full compatibility (in terms of semantics and syntax) with current iptables.
Toward an eBPF-based clone of iptables / Bertrone, Matteo; Miano, Sebastiano; Jianwen, Pi; Risso, FULVIO GIOVANNI OTTAVIO; Tumolo, Massimo. - ELETTRONICO. - (2018). (Intervento presentato al convegno Netdev 0x12, The Technical Conference on Linux Networking tenutosi a Montreal, Canada nel July 2018).
Toward an eBPF-based clone of iptables
BERTRONE, MATTEO;MIANO, SEBASTIANO;Fulvio Risso;TUMOLO, MASSIMO
2018
Abstract
Iptables, which is currently the most common firewall on Linux, has shown several limitations over the years, with scalability as a big concern. This paper reports the first results of a project that aims at creating a (partial) clone of iptables, using the eBPF/XDP technology. This project assumes unmodified Linux kernel and guarantees the full compatibility (in terms of semantics and syntax) with current iptables.
| File | Dimensione | Formato | |
|---|---|---|---|
|
18NetDev-iptables.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
1.92 MB
Formato
Adobe PDF
|
1.92 MB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2712607
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo