BPF+ Exploiting Global Data-flow Optimization in a Packet Filter Architecture Andrew Begel, Steven McCanne, Susan L. Graham University of California, Berkeley.

Slides:



Advertisements
Similar presentations
P4: specifying data planes
Advertisements

ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.
Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.
Program Representations. Representing programs Goals.
CPSC Compiler Tutorial 9 Review of Compiler.
6/9/2015© Hal Perkins & UW CSEU-1 CSE P 501 – Compilers SSA Hal Perkins Winter 2008.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Assemblers Dr. Monther Aldwairi 10/21/20071Dr. Monther Aldwairi.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
Topic 6 -Code Generation Dr. William A. Maniatty Assistant Prof. Dept. of Computer Science University At Albany CSI 511 Programming Languages and Systems.
1 Programming Languages Translation  Lecture Objectives:  Be able to list and explain five features of the Java programming language.  Be able to explain.
Improving Code Generation Honors Compilers April 16 th 2002.
Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x y...
Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.
COP4020 Programming Languages
1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.
Query Processing Presented by Aung S. Win.
Topic #10: Optimization EE 456 – Compiling Techniques Prof. Carl Sable Fall 2003.
10/1/2015© Hal Perkins & UW CSEG-1 CSE P 501 – Compilers Intermediate Representations Hal Perkins Autumn 2009.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
EECB 473 DATA NETWORK ARCHITECTURE AND ELECTRONICS PREPARED BY JEHANA ERMY JAMALUDDIN Basic Packet Processing: Algorithms and Data Structures.
1 Optimizing compiler tools and building blocks project Alexander Drozdov, PhD Sergey Novikov, PhD.
Algorithms & Flowchart
1 CS 201 Compiler Construction Introduction. 2 Instructor Information Rajiv Gupta Office: WCH Room Tel: (951) Office.
Programming language. Definition Programming language is a formal language designed to communicate instructions to a computer. Programming languages can.
Arbitrary Packet Matching in Openflow
High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.
1 Compiler & its Phases Krishan Kumar Asstt. Prof. (CSE) BPRCE, Gohana.
Compiler Construction CPCS302 Dr. Manal Abdulaziz.
Programming Language Concepts (CIS 635) Elsa L Gunter 4303 GITC NJIT,
Prologue Sung-Dong Kim, Dept. of Computer Engineering, Hansung University.
LLVM IR, File - Praakrit Pradhan. Overview The LLVM bitcode has essentially two things A bitstream container format Encoding of LLVM IR.
Credible Compilation With Pointers Martin Rinard and Darko Marinov Laboratory for Computer Science Massachusetts Institute of Technology.
Single Static Assignment Intermediate Representation (or SSA IR) Many examples and pictures taken from Wikipedia.
CHAPTER 1 INTRODUCTION TO COMPILER SUNG-DONG KIM, DEPT. OF COMPUTER ENGINEERING, HANSUNG UNIVERSITY.
Advanced Computer Systems
Programming SDN Newer proposals Frenetic (ICFP’11) Maple (SIGCOMM’13)
Introduction to Optimization
Compiler Design (40-414) Main Text Book:
Visit for more Learning Resources
Chapter 1 Introduction.
Introduction to Compiler Construction
Weakest Precondition of Unstructured Programs
Scaling the Network: The Internet Protocol
Compilers Principles, Techniques, & Tools Taught by Jing Zhang
Rule Induction for Classification Using
SOFTWARE DESIGN AND ARCHITECTURE
Chapter 1 Introduction.
Princeton University Spring 2016
Introduction to Optimization
Chapter 6 Intermediate-Code Generation
Lesson Objectives Aims Key Words Compiler, interpreter, assembler
COP4020 Programming Languages
Computer Organization and Design Assembly & Compilation
Subject: Language Processor
Searching CLRS, Sections 9.1 – 9.3.
Intermediate Representations Hal Perkins Autumn 2005
Data Flow Analysis Compiler Design
Introduction to Optimization
Scaling the Network: The Internet Protocol
Optimization 薛智文 (textbook ch# 9) 薛智文 96 Spring.
Programming Languages and Compilers (CS 421)
CSE P 501 – Compilers SSA Hal Perkins Autumn /31/2019
Review: What is an activation record?
Intermediate Code Generating machine-independent intermediate form.
Software Testing and QA Theory and Practice (Chapter 5: Data Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
Code Optimization.
Presentation transcript:

BPF+ Exploiting Global Data-flow Optimization in a Packet Filter Architecture Andrew Begel, Steven McCanne, Susan L. Graham University of California, Berkeley with acknowledgments to Van Jacobson

The Big Picture With BPF+, we can express packet filters in a high-level language and compile them into efficient code.

The Packet Filter Definition: A tool for selecting packets from a packet stream using a programmable selection criterion. Example: tcp and source net 128.32/16 and destination host web.mit.edu and port 80

Domain-Specific Optimization Tune traditional compiler optimizations for the application of packet filtering. Affords simpler analyses and much more effective optimization. Packet filters are DAGs Engenders linear-time algorithms Combine with Just-In-Time (JIT) assembly.

Comparison of C Optimizer to BPF+ Optimizer 2500 BPF+ Linear BPF+ Hash Optimized C 2000 1500 Filter Time (ns) 1000 500 5 10 15 20 25 30 Number of Table Entries

Related Work Virtual Machine Models: Exploit Filter Structure: CMU/Stanford Packet Filter: MRA87 BPF: Berkeley Packet Filter: MJ93 tcpdump and libpcap MPF: YBMEM94 Exploit Filter Structure: PathFinder: BGPP94 DPF: EK96 Multi-dimensional Range Matching: LS98 Grid of Tries: SVSW98 High-Level Approach: LR Parsing: JC96

Compiler Optimizations Leverage modern compiler technology Powerful intermediate form Static Single Assignment (SSA) Three key optimizations Redundant Predicate Elimination Partial Redundancy Elimination Lookup Table Encapsulation

Redundant Predicate Elimination Packet header parsing leads to many redundant predicates. Unlike traditional optimizations, detect redundant edges rather than redundant computation. Packet filter control flow graphs are edge-rich.

(src host UCB and dest host MIT) or (src host MIT and dest host UCB) All packets between UCB and MIT (src host UCB and dest host MIT) or (src host MIT and dest host UCB)

Partial Redundancy Elimination Packet header parsing also leads to much redundant computation.

src host UCB or src host MIT All packets that come from either UCB or MIT src host UCB or src host MIT

Putting Them Both Together Combining partial redundancy elimination with redundant predicate elimination is much more effective than using either alone. (6 steps later...)

Lookup Table Encapsulation After early optimizations, many predicates reduced to simple field comparisons. Use analysis to discover opportunities for moving into lookup tables. Implementation may use linear search, binary search, hash lookup or any combination of the three.

src host UCB or src host MIT or src host CMU All packets that come from UCB, MIT or CMU src host UCB or src host MIT or src host CMU

Filter Safety Must Be Verified All bytecodes are valid. Jump targets are valid. No loops. All paths terminate with a return instruction. No out-of-bounds reads or writes.

Performance Tests Two types of predicate expressions Dependent (src host (UCB or MIT or CMU) Independent (i.e. TCP, Port 80, dest host UCB) Run on Ultra 10 300 MHz UltraSPARC IIi Four ways to run a filter Unoptimized, Interpreted Optimized, Interpreted Unoptimized, JIT Assembled Optimized, JIT Assembled

Comparison of Linear Search to Hash Lookup 500 450 400 350 Filter Time (ns) 300 250 200 150 BPF+ Linear BPF+ Hash Table 100 5 10 15 20 25 30 Number of Dependent Table Entries

Effects of Optimization and JIT Assembly 1 2 3 4 5 6 7 8 9 60 U n o p t i m i z e d I n t e r p r e t e d O p t i m i z e d I n t e r p r e t e d U n o p t i m i z e d A s s e m b l e d O p t i m i z e d A s s e m b l e d Filter Time (ns) N u m b e r o f D e p e n d e n t T a b l e E n t r i e s

Effects of Optimization and JIT Assembly (log scale) 5 10 15 20 25 30 100 1000 10000 Filter Time (ns) (log scale) Unoptimized Interpreted Optimized Interpreted Unoptimized Assembled Optimized Assembled Number of Dependent Table Entries

Effects of Optimization and JIT Assembly on Independent Predicates (log scale) 4000 2000 1000 700 Filter Time (ns) (log scale) 500 400 300 200 Unoptimized Interpreted Optimized Interpreted Unoptimized Assembled Optimized Assembled 100 1 2 3 4 5 Number of Independent Predicates

Future Work More efficient table lookup representations (LS98, SVSW98) Better support for packet classification Loops Proof-Carrying Code, Necula 96 Intrusion detection Online Updates

Conclusions Packet filters can be specified at a high-level and be efficiently executed. Key idea: Tune familiar global data-flow compiler analyses and optimizations for packet filtering.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.