Talk: "On getting tc classifier fully programmable with cls_bpf" (Daniel Borkmann)


In this talk/paper, we provide a technical deep-dive into the eBPF architecture, comparing it to the classic BPF framework and how tc's (traffic control) packet classification in the kernel is making use of it.

The talk will discuss recently upstreamed features to the kernel and iproute2 and walk through some examples on how classifier/actions can be programmed in restricted C and loaded into the kernel on ingress/egress side with the help of llvm and tc. It'll also cover the topic of sharing eBPF maps and working with eBPF tail calls.