a White Paper for Security Practitioners
eBPF stands for extended Berkeley Packet Filter, but you probably already knew that. The classic BPF mechanism is used to filter packets on raw sockets; eBPF extends it to a much wider range of uses. It is now possible to attach an eBPF program at various points in the Linux kernel, either to extract information or to act on kernel behavior, and eBPF makes this practical by providing several ways for the kernel and userspace to exchange data.
There are three ways eBPF can be used in Suricata. In all of them, the eBPF program can access the packet data and parse it to extract information.
Download this white paper to learn all about these three ways eBPF can be used in Suricata.
ABOUT STAMUS® NETWORKS
Stamus Networks is the network intelligence foundation for AI-powered security operations and the creator of the Clear NDR® system. Built on Suricata, the world's leading open-source network security engine, Clear NDR transforms raw network traffic into actionable security insights with unmatched transparency, customization, and effectiveness. Designed to close visibility gaps and reduce alert fatigue, Clear NDR is trusted by leading financial institutions, government agencies, and has been battle-tested over ten years in NATO's largest cybersecurity exercises. Stamus Networks empowers security teams with greater control, fewer false positives, faster response times, and a more responsive, open approach than legacy vendors.
© 2014-2026 Stamus Networks, Inc. All rights reserved.