Dear all,
I'm looking for up-to-date documentation on bpfilter in the kernel and what
tools are needed to properly use it. I hope I have come to the right
place :)
The most recent information seems to be this 2018 PDF from Facebook(1)
where they talk about re-implementing a firewall in eBPF using the
existing iptables (not nft/nf_tables?) kernel interface with the use of
a user-space helper module. It seems they mean that the original
iptables tools should work transparently.
Looking at the source code /usr/src/linux-5.3.7-gentoo/net/bpfilter/ we
have both the 'bpfilter.ko' module and the user-mode helper
bpfilter_umh as an ELF executable. There is a YouTube video(2) showing
the use of the helper module that seemingly intercepts the standard
iptables (legacy?) rules and converts them to BPF.
What is the status of bpfilter? What are its current capabilities and
how can we make use of them? For example, are some specially patched
iptables user tools required?
Original mailing list entries with patches:
https://marc.info/?l=netfilter-devel&m=151878844403666&w=2
https://lwn.net/Articles/747551
Thanks,
~A
1) http://vger.kernel.org/lpc_net2018_talks/ebpf-firewall-LPC.pdf
2) https://www.youtube.com/watch?v=AfgwVya9Cog