Synthesizing safe and efficient kernel extensions for packet processing
Qiongwen Xu, Michael D. Wong, Tanvi Wagle, Srinivas Narayana, Anirudh Sivaraman
Abstract
Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data.
Topics & Concepts
ConfigfsComputer scienceKernel (algebra)Operating systemContext switchLinux kernelsysfsPacket processingNetwork packetProgramming languageMemory managementContext (archaeology)Embedded systemParallel computingComputer networkOverlayBiologyPaleontologyCombinatoricsMathematicsParallel Computing and Optimization TechniquesEmbedded Systems Design TechniquesReal-Time Systems Scheduling