Skip to content
/ ebpf-ips Public

Researching low-level network security and data-plane integration in the Linux kernel and SmartNICs, focusing on XDP, eBPF, and Intel DDP for high-performance packet processing.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fatih881/ebpf-ips

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github/workflows
.github/workflows
 
 
core
core
 
 
tests
tests
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
contributing.md
contributing.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

About The Project

This repository documents my research on an IPS (Intrusion Prevention System) powered by the combination of XDP and DDP (Dynamic Device Personalization).

Roadmap

  • Phase 1 (software-only): In this phase, the functions will be coded to work all on host cpu. The main goal in this phase is developing the IPS to work without a DDP profile. In this phase I'm planning on coding other necessary implementations. (e.g., Prometheus implementation)

During this software-only phase, the XDP program cannot rely on DDP to parse the info we specified (like custom tunnels or L7 payloads). This parsing process will be a high compute-load for a normal CPU, but with an ASIC it will be in nanoseconds. To access this data, the XDP program must perform manual, software-based parsing (pointer arithmetic), which is CPU-intensive. This slow, software-based parsing in Phase 1 is intentional. It creates the critical baseline we will benchmark against the fast, hardware-offloaded parsing of Phase 2 (DDP).

  • Phase 2 (hardware-accelerated): This phase is contingent on securing a NIC with XDP_NATIVE and DDP profile support. Upon acquisition, we will refactor the XDP code to use bpf_flow_dissector instead of all of the complexity we have in phase 1 on reading the HTTP payload, and we will offload the CPU load to the ASIC. With the comparative benchmark of phase 1 and 2, we will achieve the final project goal.

Project scope and the idea

  • The idea behind starting this project is firstly my self-learning progress on XDP and DDP. I also want to make comprehensive, comparative benchmarking on it. (e.g., benchmarks: since we have a lot of benchmarks for xdp/userspace, the benchmarks will contain XDP vs. XDP+ DDP)

Goals and Non-Goals

  • What this is for: To explore the boundaries of an IPS system with DDP+XDP. Since DDP requires more than a consumer-level NIC, DDP is a future plan and we must be content with unit and end-to-end tests.

HTTPS needs a SuperNIC so we will be using HTTP traffic for proving the concept.

  • What this is not for: This project is not an attempt to replace something in the industry. It's an architectural exploration.

I am open to feedback, ideas, and discussions regarding this approach. Please take a look at contributing.md.

About

Researching low-level network security and data-plane integration in the Linux kernel and SmartNICs, focusing on XDP, eBPF, and Intel DDP for high-performance packet processing.

Topics

performance-engineering firewall linux-kernel intrusion-detection low-latency nic packet-processing ebpf ips xdp bpf systems-programming network-security smartnic kernel-networking intel-ddp

Resources

Readme

License

GPL-3.0 license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages