
Nftables: a new packet filtering engine

Posted Mar 27, 2009 18:14 UTC (Fri) by kaber (guest, #18366)
In reply to: Nftables: a new packet filtering engine by samroberts
Parent article: Nftables: a new packet filtering engine

The BPF interpreter isn't too useful for this case since you can't update a BPF program incrementally and the filter size is limited to 64k. It's also too limited in many other aspects.



Nftables: a new packet filtering engine

Posted Mar 28, 2009 17:21 UTC (Sat) by yoduh (guest, #38527)

Can you elaborate on these differences for us fresh readers of the bpf-usenix93 paper? Your VM sounds close enough to BPF++ to perhaps describe it in those terms. Both limitations you cite (no incremental update, 64k) sound like implementation decisions made when the goal was picking 1 in 100000 packets, not disposition of every one of them; i.e., not hard limits.

