You are here

Linux's packet mmap(2), BPF, and the Netsniff-NG toolkit

Submitted by ahf on Thu, 03/07/2013 - 22:33

This talk will cover internals of the PF_PACKET socket in the Linux kernel, in particular the packet mmap() mechanism ("zero-copy") that is used to improve packet capturing and transmission performance from user space. In addition to that, the Berkeley Packet Filter will be partially covered with its built-in kernel space "virtual machine" and just-in-time compiler. As an application on top of that, the netsniff-ng toolkit will be presented (http://netsniff-ng.org/), which can be used to facilitate a network developer's daily kernel plumbing, but also the daily work of system administrators or security consultants.

About the speaker

http://borkmann.ch

Schedule info
Status: 
Accepted
Speaker(s): 
Daniel Borkmann