Litcius/Paper detail

Synthesizing safe and efficient kernel extensions for packet processing

Qiongwen Xu, Michael D. Wong, Tanvi Wagle, Srinivas Narayana, Anirudh Sivaraman

202125 citationsDOIOpen Access PDF

Abstract

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data.

Topics & Concepts

ConfigfsComputer scienceKernel (algebra)Operating systemContext switchLinux kernelsysfsPacket processingNetwork packetProgramming languageMemory managementContext (archaeology)Embedded systemParallel computingComputer networkOverlayBiologyPaleontologyCombinatoricsMathematicsParallel Computing and Optimization TechniquesEmbedded Systems Design TechniquesReal-Time Systems Scheduling