Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
I find it interesting that the lwn article and what little info I saw
about nftables doesn't either. It seems sufficiently similar, why isn't
it being used as a basis for the opcode interpreter? NIH?
And why the firewalling didn't take a BPF-like approach with an opcode
interpreter and user-space compiler from the start is beyond me.
Nftables: why it isn't based on BPF
Posted Mar 27, 2009 6:55 UTC (Fri) by speedster1 (subscriber, #8143)
A very important feature, one that is missing from all other filters that are built similar in the kernel (like BPF, TC u32 filter, ...), is reconstruction of high level constructs from the representation within the kernel. TC u32 for example allows you to specify "ip daddr X", but when dumping the filter rules it will just display an offset and length.
Nftables: a new packet filtering engine
Posted Mar 27, 2009 18:14 UTC (Fri) by kaber (subscriber, #18366)
Posted Mar 28, 2009 17:21 UTC (Sat) by yoduh (guest, #38527)
Posted Apr 3, 2009 18:22 UTC (Fri) by trasz (guest, #45786)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds