Presentation is loading. Please wait.

Presentation is loading. Please wait.

BPF+ Exploiting Global Data-flow Optimization in a Packet Filter Architecture Andrew Begel, Steven McCanne, Susan L. Graham University of California, Berkeley.

Published by霖 杭 Modified over 7 years ago

Similar presentations

Presentation on theme: "BPF+ Exploiting Global Data-flow Optimization in a Packet Filter Architecture Andrew Begel, Steven McCanne, Susan L. Graham University of California, Berkeley."— Presentation transcript:

1 BPF+ Exploiting Global Data-flow Optimization in a Packet Filter Architecture Andrew Begel, Steven McCanne, Susan L. Graham University of California, Berkeley with acknowledgments to Van Jacobson

2 The Big Picture With BPF+, we can express packet filters in a high-level language and compile them into efficient code.

3 The Packet Filter Definition: A tool for selecting packets from a packet stream using a programmable selection criterion. Example: tcp and source net / and destination host web.mit.edu and port 80

4 Domain-Specific Optimization
Tune traditional compiler optimizations for the application of packet filtering. Affords simpler analyses and much more effective optimization. Packet filters are DAGs Engenders linear-time algorithms Combine with Just-In-Time (JIT) assembly.

5 Comparison of C Optimizer to BPF+ Optimizer
2500 BPF+ Linear BPF+ Hash Optimized C 2000 1500 Filter Time (ns) 1000 500 5 10 15 20 25 30 Number of Table Entries

6 Related Work Virtual Machine Models: Exploit Filter Structure:
CMU/Stanford Packet Filter: MRA87 BPF: Berkeley Packet Filter: MJ93 tcpdump and libpcap MPF: YBMEM94 Exploit Filter Structure: PathFinder: BGPP94 DPF: EK96 Multi-dimensional Range Matching: LS98 Grid of Tries: SVSW98 High-Level Approach: LR Parsing: JC96

7

8

9 Compiler Optimizations
Leverage modern compiler technology Powerful intermediate form Static Single Assignment (SSA) Three key optimizations Redundant Predicate Elimination Partial Redundancy Elimination Lookup Table Encapsulation

10 Redundant Predicate Elimination
Packet header parsing leads to many redundant predicates. Unlike traditional optimizations, detect redundant edges rather than redundant computation. Packet filter control flow graphs are edge-rich.

11 (src host UCB and dest host MIT) or (src host MIT and dest host UCB)
All packets between UCB and MIT (src host UCB and dest host MIT) or (src host MIT and dest host UCB)

12

13

14

15 Partial Redundancy Elimination
Packet header parsing also leads to much redundant computation.

16 src host UCB or src host MIT
All packets that come from either UCB or MIT src host UCB or src host MIT

17

18

19

20 Putting Them Both Together
Combining partial redundancy elimination with redundant predicate elimination is much more effective than using either alone. (6 steps later...)

21

22 Lookup Table Encapsulation
After early optimizations, many predicates reduced to simple field comparisons. Use analysis to discover opportunities for moving into lookup tables. Implementation may use linear search, binary search, hash lookup or any combination of the three.

23 src host UCB or src host MIT or src host CMU
All packets that come from UCB, MIT or CMU src host UCB or src host MIT or src host CMU

24

25

26

27

28

29 Filter Safety Must Be Verified
All bytecodes are valid. Jump targets are valid. No loops. All paths terminate with a return instruction. No out-of-bounds reads or writes.

30

31 Performance Tests Two types of predicate expressions
Dependent (src host (UCB or MIT or CMU) Independent (i.e. TCP, Port 80, dest host UCB) Run on Ultra MHz UltraSPARC IIi Four ways to run a filter Unoptimized, Interpreted Optimized, Interpreted Unoptimized, JIT Assembled Optimized, JIT Assembled

32 Comparison of Linear Search to Hash Lookup
500 450 400 350 Filter Time (ns) 300 250 200 150 BPF+ Linear BPF+ Hash Table 100 5 10 15 20 25 30 Number of Dependent Table Entries

33 Effects of Optimization and JIT Assembly
1 2 3 4 5 6 7 8 9 60 U n o p t i m i z e d I n t e r p r e t e d O p t i m i z e d I n t e r p r e t e d U n o p t i m i z e d A s s e m b l e d O p t i m i z e d A s s e m b l e d Filter Time (ns) N u m b e r o f D e p e n d e n t T a b l e E n t r i e s

34 Effects of Optimization and JIT Assembly (log scale)
5 10 15 20 25 30 100 1000 10000 Filter Time (ns) (log scale) Unoptimized Interpreted Optimized Interpreted Unoptimized Assembled Optimized Assembled Number of Dependent Table Entries

35 Effects of Optimization and JIT Assembly
on Independent Predicates (log scale) 4000 2000 1000 700 Filter Time (ns) (log scale) 500 400 300 200 Unoptimized Interpreted Optimized Interpreted Unoptimized Assembled Optimized Assembled 100 1 2 3 4 5 Number of Independent Predicates

36 Future Work More efficient table lookup representations (LS98, SVSW98)
Better support for packet classification Loops Proof-Carrying Code, Necula 96 Intrusion detection Online Updates

37 Conclusions Packet filters can be specified at a high-level and be efficiently executed. Key idea: Tune familiar global data-flow compiler analyses and optimizations for packet filtering.

Download ppt "BPF+ Exploiting Global Data-flow Optimization in a Packet Filter Architecture Andrew Begel, Steven McCanne, Susan L. Graham University of California, Berkeley."

Similar presentations

P4: specifying data planes

P4: specifying data planes
ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.

ENGINEERING WORKSHOP Compute Engineering Workshop P4: specifying data planes Mihai Budiu San Jose, March 11, 2015.
Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.

Fast Firewall Implementation for Software and Hardware-based Routers Lili Qiu, Microsoft Research George Varghese, UCSD Subhash Suri, UCSB 9 th International.
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
CPSC 325 - Compiler Tutorial 9 Review of Compiler.

CPSC Compiler Tutorial 9 Review of Compiler.
6/9/2015© 2002-08 Hal Perkins & UW CSEU-1 CSE P 501 – Compilers SSA Hal Perkins Winter 2008.

6/9/2015© Hal Perkins & UW CSEU-1 CSE P 501 – Compilers SSA Hal Perkins Winter 2008.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.

Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.

1 Intermediate representation Goals: –encode knowledge about the program –facilitate analysis –facilitate retargeting –facilitate optimization scanning.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.

Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
Assemblers Dr. Monther Aldwairi 10/21/20071Dr. Monther Aldwairi.

Assemblers Dr. Monther Aldwairi 10/21/20071Dr. Monther Aldwairi.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
Topic 6 -Code Generation Dr. William A. Maniatty Assistant Prof. Dept. of Computer Science University At Albany CSI 511 Programming Languages and Systems.

Topic 6 -Code Generation Dr. William A. Maniatty Assistant Prof. Dept. of Computer Science University At Albany CSI 511 Programming Languages and Systems.
1 Programming Languages Translation  Lecture Objectives:  Be able to list and explain five features of the Java programming language.  Be able to explain.

1 Programming Languages Translation  Lecture Objectives:  Be able to list and explain five features of the Java programming language.  Be able to explain.
Improving Code Generation Honors Compilers April 16 th 2002.

Improving Code Generation Honors Compilers April 16 th 2002.
Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x + 10... y...

Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x y...
Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.

Introduction to Optimization Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved.
COP4020 Programming Languages

COP4020 Programming Languages
1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.

1.3 Executing Programs. How is Computer Code Transformed into an Executable? Interpreters Compilers Hybrid systems.
Query Processing Presented by Aung S. Win.

Query Processing Presented by Aung S. Win.
Topic #10: Optimization EE 456 – Compiling Techniques Prof. Carl Sable Fall 2003.

Topic #10: Optimization EE 456 – Compiling Techniques Prof. Carl Sable Fall 2003.

Similar presentations

Ads by Google