Abstract
eBPF is a popular technology originating from the Linux kernel that enables safely running user-provided programs in a kernel context. This technology opened the door for efficient programming in the operating system, especially in its network stack. However, its applicability is not limited to the Linux kernel. Various efforts have leveraged the eBPF Instruction Set Architecture (ISA) as the basis of other networking-related use cases outside of the Linux kernel. This paper focuses on the use case of pluginized protocols, such as PQUIC and xBGP, where the eBPF ISA serves as the basis to execute plugins providing per-session protocol behavior. It first briefly describes how the Linux kernel builds around this eBPF ISA to provide enhanced in-kernel network programmability. Then, the paper considers the case of pluginized protocols. Leveraging eBPF outside of the Linux kernel environment requires complementing the eBPF ISA to meet the pluginized protocols' requirements. This paper details these integration efforts. Based on the lessons learned from them, it concludes with a discussion of the applicability of the eBPF ISA to other use cases.