BPF – In-kernel virtual machine [pdf] - jsnell
http://events.linuxfoundation.org/sites/events/files/slides/bpf_collabsummit_2015feb20.pdf

======
jgrahamc
BPF is used at CloudFlare for DDoS filtering. We've recently written a JITer
for it as well to get even greater speed.

[https://blog.cloudflare.com/bpf-the-forgotten-bytecode/](https://blog.cloudflare.com/bpf-the-forgotten-bytecode/)

[https://blog.cloudflare.com/introducing-the-bpf-tools/](https://blog.cloudflare.com/introducing-the-bpf-tools/)

------
anishathalye
There's been some interesting work that has been done recently on building a
trustworthy BPF verifier (Jitk, OSDI 2014).

[https://www.usenix.org/system/files/conference/osdi14/osdi14...](https://www.usenix.org/system/files/conference/osdi14/osdi14-paper-wang_xi.pdf)

------
lukego
Next obvious step: Compile the kernel into BPF using LLVM and run it inside
itself.

~~~
heinrich5991
Unfortunately the kernel _does_ have loops…

~~~
njohnson41
If BPF can be used to modify packets, can a filter be used to send packets
through loopback that then come back through the same filter? Sounds like a
way to bootstrap a loop.

~~~
viraptor
You have a very very dangerous mind... I like it.

Actually you could have stateful loops too. Make each packet duplicated at
iptables and each time increment the counter. Send one to 127.0.0.1 (true,
continue) and one to 127.0.0.2 (false, stop). The right answer is accepted,
wrong dropped.

------
amelius
Couldn't this take the same approach as NaCl, where x86 code is being run in a
sandbox environment?

~~~
jsnell
For the kernel use-case it's important to not only prevent dangerous
operations, but also to guarantee termination in very short time.

~~~
amelius
Ok, then perhaps the basic blocks (parts of the code without branches) could
be surrounded with some checking code?
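As an added illustration of the termination point raised in the last two exchanges (example code written for this page, not taken from the linked slides or from any commenter): a small user-space interpreter for a subset of classic BPF, plus the static check that makes the "terminates in very short time" guarantee hold without instrumenting basic blocks. The opcode values follow the BPF_* definitions in <linux/filter.h>; the names bpf_check, bpf_run, verdict_for and steps_for, the hand-assembled filter program, the deliberately bad program and the 34-byte Ethernet/IPv4 frame are all constructed here for the example. Because jt, jf and k are unsigned offsets added to pc+1, a program whose jumps all land inside it can only move forward, so it executes at most len instructions on any packet.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Classic BPF instruction; same layout as struct sock_filter in <linux/filter.h>. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* The opcodes this toy interpreter understands (BPF_CLASS|BPF_SIZE|BPF_MODE values). */
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JA = 0x05, JEQ_K = 0x15, RET_K = 0x06 };

/* Static check in the spirit of the kernel's classic-BPF checker: only known
 * opcodes, every jump target inside the program, last instruction a return.
 * Offsets are unsigned and added to pc+1, so control can only move forward;
 * a program that passes therefore runs at most len instructions. */
int bpf_check(const struct insn *p, size_t len)
{
    if (len == 0 || len > 4096)            /* BPF_MAXINSNS in Linux is 4096 */
        return 0;
    for (size_t pc = 0; pc < len; pc++) {
        uint64_t next = (uint64_t)pc + 1;
        switch (p[pc].code) {
        case LDH_ABS: case LDB_ABS: case RET_K:
            break;
        case JA:
            if (next + p[pc].k >= len) return 0;
            break;
        case JEQ_K:
            if (next + p[pc].jt >= len || next + p[pc].jf >= len) return 0;
            break;
        default:
            return 0;                      /* unknown opcode */
        }
    }
    return p[len - 1].code == RET_K;
}

/* Execute a checked program over one packet. Returns the RET value; a load
 * past the end of the packet ends the program with verdict 0 (drop), as the
 * kernel does. *steps receives the number of instructions executed. */
uint32_t bpf_run(const struct insn *p, size_t len, const uint8_t *pkt, size_t pkt_len, size_t *steps)
{
    uint32_t A = 0;
    size_t pc = 0, n = 0;
    while (pc < len) {
        const struct insn *i = &p[pc];
        uint64_t k = i->k;
        n++;
        switch (i->code) {
        case LDB_ABS:
            if (k + 1 > pkt_len) goto drop;
            A = pkt[k]; pc++; break;
        case LDH_ABS:
            if (k + 2 > pkt_len) goto drop;
            A = (uint32_t)pkt[k] << 8 | pkt[k + 1]; pc++; break;
        case JA:    pc += 1 + i->k; break;
        case JEQ_K: pc += 1 + (A == i->k ? i->jt : i->jf); break;
        case RET_K: if (steps) *steps = n; return i->k;
        default:    goto drop;
        }
    }
drop:
    if (steps) *steps = n;
    return 0;
}

/* "ether[12:2] == 0x0800 and ip[9] == 17" (IPv4 carrying UDP), hand-assembled. */
#define UDP_FILTER_LEN 6
const struct insn udp_filter[UDP_FILTER_LEN] = {
    { LDH_ABS, 0, 0, 12     },   /* A = ethertype               */
    { JEQ_K,   0, 3, 0x0800 },   /* not IPv4 -> insn 5 (drop)   */
    { LDB_ABS, 0, 0, 23     },   /* A = IPv4 protocol field     */
    { JEQ_K,   0, 1, 17     },   /* UDP -> insn 4, else insn 5  */
    { RET_K,   0, 0, 0xffff },   /* accept, keep 65535 bytes    */
    { RET_K,   0, 0, 0      },   /* drop                        */
};

/* A program the checker must reject: the jump lands outside the program. */
#define BAD_FILTER_LEN 2
const struct insn bad_filter[BAD_FILTER_LEN] = { { JA, 0, 0, 10 }, { RET_K, 0, 0, 0 } };

/* Constructed sample: 34-byte Ethernet + IPv4 header carrying `proto`;
 * everything the filter does not look at is left zero. */
size_t make_frame(uint8_t *buf, uint8_t proto)
{
    memset(buf, 0, 34);
    buf[12] = 0x08; buf[13] = 0x00;   /* ethertype IPv4 */
    buf[14] = 0x45;                   /* IPv4, IHL = 5  */
    buf[23] = proto;                  /* protocol       */
    return 34;
}

/* Verdict of udp_filter on the sample frame for `proto`, seen as `pkt_len`
 * bytes (0 = the whole frame). steps_for reports the instruction count. */
uint32_t verdict_for(uint8_t proto, size_t pkt_len, size_t *steps)
{
    uint8_t frame[34];
    size_t n = make_frame(frame, proto);
    return bpf_run(udp_filter, UDP_FILTER_LEN, frame, pkt_len ? pkt_len : n, steps);
}
size_t steps_for(uint8_t proto, size_t pkt_len)
{
    size_t steps = 0;
    verdict_for(proto, pkt_len, &steps);
    return steps;
}

int main(void)
{
    printf("checker: udp_filter=%d bad_filter=%d\n",
           bpf_check(udp_filter, UDP_FILTER_LEN), bpf_check(bad_filter, BAD_FILTER_LEN));
    printf("UDP -> 0x%x in %zu insns; TCP -> %u; UDP truncated to 20 bytes -> %u\n",
           verdict_for(17, 0, NULL), steps_for(17, 0), verdict_for(6, 0, NULL), verdict_for(17, 20, NULL));
    return 0;
}
```

The real kernel checker does more than this (it also validates scratch-memory indices, rejects division by a constant zero and handles ancillary loads), but the termination argument is exactly the one in bpf_check: no backward edge can be encoded, so the instruction count bounds the running time and no per-block counter is needed. Note also the truncated-packet case: an out-of-range load does not fault, it simply ends the program with a drop, which is the other half of what makes running untrusted filters in the kernel safe.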

