polito.it
Politecnico di Torino (logo)

Towards a faster Iptables with eBPF

Massimo Tumolo

Towards a faster Iptables with eBPF.

Rel. Fulvio Giovanni Ottavio Risso, Antonio Capone. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2018

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Document access: Anyone
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (4MB) | Preview
Abstract:

Iptables is the de-facto standard Linux firewall. Features are its strength, but its low scalability and poor performance are becoming the bottleneck of network systems. This thesis describes the challenges encountered and, consequently, the choices made while developing a prototype to replace Iptables back-end, the Netfilter, improving performance but keeping the same syntax and semantic. The prototype is developed using eBPF, a technology recently added to the Linux kernel, that allows fast in-kernel packet processing with no modification to the kernel. The results show a great gain over Iptables, and the architecture leaves space for further improvements.

Relators: Fulvio Giovanni Ottavio Risso, Antonio Capone
Academic year: 2018/19
Publication type: Electronic
Number of Pages: 88
Subjects:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/8475
Modify record (reserved for operators) Modify record (reserved for operators)