linux linux-kernel iptables netfilter dpdk

How to run Netfilter (iptables, nftables) with DPDK

I'm looking for a fast stateful firewall in Linux that may process lots of packets and send some of them to external programs.

Is it possible to make netfilter (iptables, nftables) working with Intel DPDK in order to improve performance?

Solution

DPDK has a "Kernel Network Interface" that works somewhat like a tap/tun device, but is zero-copy. Using these, you can do your RX/TX in userspace and then pass packets into the linux network stack. I don't know if this would buy you much performance aside from possibly removing some IRQ overhead.

Some other options, if you're not married to netfilter, could be to use one the userspace BSD network stacks (e.g. libuinet) or a rump kernel on top of DPDK.

Does azure blob storage support http2?
get the system home directory in CMake on Linux?
Start up script fails with error "-e: invalid option", what is missing?
How to compile my own glibc C standard library from source and use it?
How to run a piece of code such that it doesn't steal all the focus to itself in QtQuick?
The method of using Regular Expression to express Date and Time: YYYY-MM-DD HH:MM:SS.XXX
Can Windows containers be hosted on Linux?
How to use multiple versions of GCC
Is it possible to disable roll-in / roll-out completely in xfce4?
pthread nice value setting for default scheduler in C
Fail during installation of Pillow (Python module) in Linux
What is the easiest way to create a secured network client in Linux (C) without any external libraries?
Authenticate to Azure with certificate from Linux
Shell Script to Log CAN Messages with FIFO
Python print statements being buffered with > output redirection
How to pass password to scp?
What is the benefit of calling ioread functions when using memory mapped IO
archiving hidden directories with tar
How does Linux's mv work internally?
Explanation of the "--update add" command for Alpine Linux
How to read ring buffer within linux kernel space?
Bash command refuses to run in background with &
How to test if your Linux Support SSE2
NVM: Getting Permission denied with nvm install command
IMAGE_FEATURES vs IMAGE_INSTALL in Yocto
Ansible - Is there a way to get access to USB devices?
Linux - How to track all files accessed by a process?
Can‘t Lock Android MTK 8050 CPU frequency
Does CPU_SET on Linux use logical or physical processor index?
Linux: compute a single hash for a given folder & contents?