[CRIU] GSOC proposal regarding criu and ebpf
Adrian Reber
adrian at lisas.de
Mon Mar 16 18:27:09 MSK 2020
On Sat, Mar 14, 2020 at 12:13:43PM +0530, Sahil Kumar Sahu wrote:
> Recently after completing basic hands-on on eBPF and CRIU, I understood
> the superpowers which comes to kernel by writing and hooking BPF
> programs to probes and hooks, which executes the BPF programs directly
> in kernel-space. In the process, I have few questions and needed your
> guidance to verify whether I am going correct.
>
>
> 1. As per published here, do we need to re-write the entire
> iptables using BPF, or we just need to write BPF for adding and
> modifying IPtables rules -
> http://vger.kernel.org/lpc_net2018_talks/ebpf-firewall-paper-LPC.pdf
>
> 2. I am unable to build and execute bpf-firewall.c, I playing
> around with meson.build to compile it, is there any central tutorials
> available, which I can use to test or try the given bpf-firewall.c -
> https://github.com/systemd/systemd/blob/master/src/core/bpf-firewall.c
>
>
> I have also completed basic hands-on for using XDP to filter packets.
> However, I also certainly understand that we just need to write BPF
> program for flushing and adding rules via Iptables and not implement
> the filtering via XDP.
Please use only wait to reach out. I have now multiple mails and chat
messages from you with the same content.
As described on https://criu.org/Google_Summer_of_Code_Ideas CRIU locks
and unlocks the network using iptables. Instead of using an external
binary (iptables) the goal would be to directly use BPF to lock and
unlock the network. Figuring out if and how to do this would be part of
the task.
Adrian
More information about the CRIU
mailing list