Presented by

  • Yaakov Stein

    Yaakov Stein

    Yaakov is a software engineer at Meta specializing in eBPF and Linux kernel networking. He is a core contributor to the bpfilter project, an open-source initiative to modernize Linux packet filtering using eBPF. His work spans bpfilter's core internals, broadening its feature set, and bringing it to production environments. Previously, he contributed to the sched_ext project, building open-source tooling for eBPF-based Linux schedulers. Currently based in New York, Yaakov enjoys diving into systems and understanding how they work across the different levels of the stack.

Abstract

iptables and nftables have been the standard for Linux packet filtering for years. They work well, but as rulesets grow or network bandwidth increases, performance can become a bottleneck.

bpfilter takes a different approach. It compiles filtering rules from an iptables-like DSL into efficient BPF programs, giving you faster packet processing without asking you to learn how to write complex BPF programs.

This talk covers: - How bpfilter compares to existing tools and what tradeoffs it makes - How to use it from a user's perspective - Where the project is headed and how the community can get involved

You'll leave with a clear picture of whether bpfilter is worth trying and how to get started.