tBPF: Testing Berkeley Packet Filter Programs Using User Mode Linux

Alexis Brodeur; Guillaume Tassotti; Amine Boukhtouta; Abdeljouad Necir Medakene; Abdelouahed Gherbi

tBPF: Testing Berkeley Packet Filter Programs Using User Mode Linux

Alexis Brodeur, Guillaume Tassotti, Amine Boukhtouta, Abdeljouad Necir Medakene, Abdelouahed Gherbi

Published: 01 Jan 2024, Last Modified: 16 May 2025CloudCom 2024EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: The Berkeley Packet Filter (BPF) is increasingly used for a variety of use cases including auditing, security, monitoring, networking, etc. However, BPF lacks improved and effective tools, which makes the integration of programs written for BPF quite hard in current automated testing solutions and continue integration pipelines. We present tBPF, a library for integration testing of BPF programs that allows automated testing of arbitrary programs in a kernel agnostic manner without superuser privileges. We show that our solution can be integrated in existing development workflows and pipelines to enable reproducible testing and auditing of BPF programs. In this article, we describe our approach and compare it against other approaches in relevant work and literature.

Loading