Introducing the BPF Tools

CloudFlare has open-sourced its BPF (Berkeley Packet Filter) Tools on GitHub. These tools can be used to generate and deploy BPF rules, which are useful in dealing with large scale DDoS attacks. The repository contains several Python scripts that focus on analyzing pcap files and generating BPF bytecode. Currently, the BPF Tools are designed for DNS traffic but can be easily adapted for other stateless floods. These tools have been used by CloudFlare to identify and filter DNS attack traffic.