IDS/IPS and Snort/Suricata Rule Writing

Mohanta, Abhijit; Saldanha, Anoop

doi:10.1007/978-1-4842-6193-4_23

Cited by 1 publication

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The port selection is performed directly in the data plane, requiring read/write access to the eBPF maps. Suricata is an open source Network Intrusion Detection System, which generates eBPF programs to filter traffic as early as possible [41]. In addition to parsing packets and checking access control lists, Suricata keeps also track of aggregated traffic statistics using global state.…”

Section: Discussionmentioning

confidence: 99%

“…eBPF programs can be attached in different hooks in the Linux kernel and, among other uses, programmers use eBPF also to define packet processing tasks. eXpress Data Path (XDP) [19] is the hook in the earliest networking driver stage, i.e., before a packet is received by the kernel's network For instance, network and service providers use XDP to implement load balancing [11], security [2], monitoring [18], deep packet inspection [41] and policy enforcement [8].…”

Section: Introductionmentioning

confidence: 99%

“…FPGAs are a type of re-configurable hardware, and FPGA NICs are widely adopted in datacenter [6], 5G networks [32] and monitoring scenarios [31]. We test eHDL with five eBPF/XDP programs: the Linux's eBPF Router and Tunnel programs; an UDP firewall; the network security monitor Suricata [41]; and a dynamic DNAT. For all these applications, and when processing packets within the NIC, eHDL pipelines forward 100Gbps (line rate) with 64B packets, i.e., 148 Million packets per second (Mpps), with a per-packet forwarding latency of one microsecond.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

eHDL: Turning eBPF/XDP Programs into Hardware Designs for the NIC

Rivitti

Bifulco

Tulumello

et al. 2023

Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems,

View full text Add to dashboard Cite

Scaling network packet processing performance to meet the increasing speed of network ports requires software programs to carefully leverage the network devices' hardware features. This is a complex task for network programmers, who need to learn and deal with the heterogeneity of device architectures, and re-think their software to leverage them. In this paper we make first steps to reverse this design process, enabling the automatic generation of tailored hardware designs starting from a network packet processing program. We introduce eHDL, a high-level synthesis tool that automatically generates hardware pipelines from unmodified Linux's eBPF/XDP programs. eHDL is designed to enable software developers to directly define and implement the hardware functions they need in the NIC. We prototype eHDL targeting a Xilinx Alveo U50 FPGA NIC, and evaluate it with a set of 5 eBPF/XDP programs. Our results show that the generated pipelines are efficient in terms of required hardware resources, using only 6.5%-13.3% of the FPGA, and always achieve the line rate forwarding throughput with about 1 microsecond of per-packet forwarding latency. Compared to other network-specific high-level synthesis tool, eHDL enables software programmers with no hardware expertise to describe stateful functions that operate on the entire packet data. Compared to alternative processor-based solutions that perform eBFP/XDP offloading to a NIC, eHDL provides 10-100x higher throughput. CCS CONCEPTS• Networks → Programming interfaces; • Hardware → Hardware description languages and compilation.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%