High-performance packet filtering with Pflua
Pflua is a fresh implementation of the well-known pcap-filter language (pflang), designed to filter network traffic in the Snabb Switch. It is, to our knowledge, the fastest pflang implementation. This talk introduces pflua, its two compilation pipelines, its performance, and shows a demonstration of pflua filtering traffic at 10Gb line-speed in a Snabb Switch.
Packet filtering generally works by taking pflang expressions and compiling them to bytecode for the BPF virtual machine. Pflua, a new pflang implementation, instead compiles pflang expressions to Lua code, which are then optimized at run-time to native machine code by a trace compiler (LuaJIT). Tracing seems a particularly appropriate strategy for the packet filtering use case, as you end up with linear machine code that reflects the shape of actual network traffic.
Pflua is a project that lives at the intersection of networking and compilers. Its pflang to Lua compiler builds an AST that is exhaustively optimized, folding constants and tests, inferring ranges of expressions and packet offset values, hoisting assertions that post-dominate success continuations, etc. For compatibility, pflua also has a BPF bytecode to Lua compiler, whch leaves the first layer of compilation to libpcap, while benefitting from pflua's much better run-time performance.
Join us in this Pflua presentation and learn about:
- The architecture of Pflua.
- Compiler optimization techniques implemented in Pflua.
- Benchmarking. How Pflua compares to other packet-filtering solutions. Spoiler: it is sometimes several times faster.
- Real-world demo: filtering with pflua and Snabb Switch.