gatekeeper
Have a BPF example for QUIC
Soon the QUIC protocol will become an Internet standard; one can track the status of all related RFCs here. Therefore, we need a BPF example for QUIC, so users can support it in their policies.
Questions to consider in the writing of the BPF example:
- How to avoid the analog of TCP SYN floods?
- The initial QUIC packets have a specific minimum length, so the BPF program could quickly verify this requirement.
- What else can be validated in the protocol? For example, is there a way to avoid the equivalent of a TCP SYN+ACK packet going to a listening socket?
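The minimum-length check from the list above, combined with the other header fields a stateless filter can read without keys, as an added example (not Gatekeeper's code and not written against its BPF API). It assumes QUIC version 1 (RFC 9000) and a client-to-server UDP payload; the function, enum and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define QUIC_MIN_INITIAL_DGRAM 1200u /* RFC 9000, section 14.1 */
#define QUIC_MAX_CID_LEN       20u   /* RFC 9000, section 17.2 */
#define QUIC_VERSION_1         0x00000001u

enum quic_verdict { QUIC_OK, QUIC_TOO_SHORT, QUIC_BAD_HDR,
	QUIC_BAD_VERSION, QUIC_NOT_INITIAL, QUIC_BAD_CID };

/* Classify a UDP payload that claims to carry a client's QUIC v1 Initial
 * packet. Only fields outside header and packet protection are read. */
enum quic_verdict quic_check_initial(const uint8_t *p, size_t len)
{
	uint32_t version;

	/* Cheapest test first; it also bounds every read below (max index 26). */
	if (len < QUIC_MIN_INITIAL_DGRAM)
		return QUIC_TOO_SHORT;
	/* Header form bit (0x80) and fixed bit (0x40) must both be set. */
	if ((p[0] & 0xc0) != 0xc0)
		return QUIC_BAD_HDR;
	/* The packet type encoding is version-specific, so check version first. */
	version = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
		  ((uint32_t)p[3] << 8) | p[4];
	if (version != QUIC_VERSION_1)
		return QUIC_BAD_VERSION;
	/* Long packet type is in bits 0x30; the value 0 means Initial in v1. */
	if ((p[0] & 0x30) != 0x00)
		return QUIC_NOT_INITIAL;
	/* DCID length at offset 5, SCID length right after the DCID bytes. */
	if (p[5] > QUIC_MAX_CID_LEN || p[6 + p[5]] > QUIC_MAX_CID_LEN)
		return QUIC_BAD_CID;
	return QUIC_OK;
}

/* Constructed sample: v1 Initial header with an 8-byte zero DCID, an empty
 * SCID and zero padding. buf must hold at least 6 bytes. */
void quic_sample_initial(uint8_t *buf, size_t len)
{
	static const uint8_t hdr[] = { 0xc0, 0x00, 0x00, 0x00, 0x01, 0x08 };

	memset(buf, 0, len);
	memcpy(buf, hdr, sizeof(hdr));
}

int main(void)
{
	uint8_t dgram[QUIC_MIN_INITIAL_DGRAM];

	quic_sample_initial(dgram, sizeof(dgram));
	return quic_check_initial(dgram, sizeof(dgram)) != QUIC_OK;
}
```

The low four bits of the first byte, the packet number and the payload are covered by header and packet protection, so a filter that holds no keys cannot validate them.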