A JIT for packet filters
Posted Apr 17, 2011 1:40 UTC (Sun) by jzbiciak (subscriber, #5246)
I agree that doing this in userspace seems to make much more sense than doing it in the kernel if optimized performance is your main careabout, since you can bring more resources to bear on the problem without bloating the kernel. It then comes down to managing the potential security issues, and trusting the correctness of the translator since you lose any sandboxing the interpreter might have offered.
(Yes, the translator can insert the required bounds checks, but nothing requires it to if you're loading raw machine code into the kernel.)
Posted Apr 17, 2011 21:08 UTC (Sun) by rilder (guest, #59804)
Posted Apr 26, 2011 2:16 UTC (Tue) by welinder (guest, #4699)
Posted May 21, 2011 11:56 UTC (Sat) by snemarch (guest, #75085)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds