Michael Lazin via plug on 17 Apr 2023 15:51:37 -0700



Re: [PLUG] VNF/eBPF apps


Slightly off topic since it is not a WAF per se, but it does stateful packet inspection very well. They get the positives from the Cisco Talos team. They are exceedingly good at making rules to detect packet anomalies.

https://suricata.io

Michael Lazin

.. for thinking and being are the same.


On Mon, Apr 17, 2023 at 6:44 PM Ron Mansolino via plug <plug@lists.phillylinux.org> wrote:
I'm trying to figure out the requirements for building/deploying VNF/eBPF apps.

Deploying them to appliances usually implies vendor management/orchestration.
What about ordinary *ix distribution/installations?
Can you just write something (e.g. monitor/filter) and insert it between the ethernet driver and the rest of the kernel?
(and then how would you install it to specified targets?)
Would a WAF work like this? (How can I keep Apache from seeing and logging obvious bogosity?)
My iptables is unwieldy and I'm wondering if there's a more elegant way to monitor/manage what comes in.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug