BPF, Linux and Networking

Linux 3.13 was just released. As always there are lots of interesting new features but two stand out to me: nftables and cls_bpf.

Nftables is the replacement for iptables. It offers a new syntax, looks easier to use and has a simpler kernel implementation: rules are compiled to a JITed, BPF-like virtual machine language instead of relying on dedicated field-matching code for each protocol.

Cls_bpf is a new traffic classifier that uses BPF programs to match packets for traffic shaping purposes. This is made possible by the BPF JIT that was added to the kernel some time ago.

Additionally, the BPF JIT can now also be used as a security mechanism to filter which syscalls a given process can use.
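To make the syscall-filtering use concrete, here is an added example (not from the original post): a classic-BPF program that allows only a short list of syscalls, together with a small userspace evaluator that walks the same instructions the kernel would, so the policy can be checked against sample syscall numbers before it is installed. It assumes a Linux x86-64 host and glibc's `SYS_*` constants; the `filter` array, `eval_filter`, `decide` and `install_filter` are names chosen for this example.

```c
// Added example: a seccomp-bpf allow-list plus a userspace evaluator for it.
// The BPF program inspects a struct seccomp_data (the "packet" for this
// filter type) and returns a SECCOMP_RET_* action. Linux x86-64 assumed.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Offsets into struct seccomp_data that the filter loads from. */
#define SD_NR   offsetof(struct seccomp_data, nr)
#define SD_ARCH offsetof(struct seccomp_data, arch)

/* Allow-list policy. The architecture is checked first because syscall
 * numbers differ between ABIs; then nr is compared against each allowed
 * syscall. Jump targets are relative to the following instruction, so a
 * jt of 4 from index 4 lands on index 9 (the ALLOW return). */
static struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD_ARCH),                       /* 0 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),      /* 1 */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),                       /* 2 */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SD_NR),                         /* 3 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_read,       4, 0),         /* 4 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write,      3, 0),         /* 5 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit,       2, 0),         /* 6 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),         /* 7 */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),                       /* 8 */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),                      /* 9 */
};

/* Minimal interpreter for the instruction subset used above. Returns the
 * action the kernel would take for the given seccomp_data. Anything the
 * interpreter does not understand, or falling off the end, fails closed. */
uint32_t eval_filter(const struct sock_filter *prog, size_t len,
                     const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:          /* acc = 32-bit word at offset k */
            memcpy(&acc, (const char *)sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:         /* branch on acc == k */
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:                   /* final action */
            return in->k;
        default:
            return SECCOMP_RET_KILL;
        }
    }
    return SECCOMP_RET_KILL;
}

/* Evaluate the policy for one (arch, syscall number) pair. The seccomp_data
 * here is constructed, not captured from a real syscall. */
uint32_t decide(uint32_t arch, int nr)
{
    struct seccomp_data sd;
    memset(&sd, 0, sizeof sd);
    sd.nr = nr;
    sd.arch = arch;
    return eval_filter(filter, sizeof filter / sizeof filter[0], &sd);
}

/* Install the filter on the calling thread. From here on the kernel, not
 * the interpreter above, enforces the policy; NO_NEW_PRIVS is required
 * for an unprivileged process to load a filter. */
int install_filter(void)
{
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    printf("openat on x86-64 -> %s\n",
           decide(AUDIT_ARCH_X86_64, SYS_openat) == SECCOMP_RET_ALLOW ? "allow" : "kill");
#ifdef __x86_64__
    if (install_filter()) { perror("seccomp"); return 1; }
    static const char msg[] = "write() still works under the filter\n";
    write(STDOUT_FILENO, msg, sizeof msg - 1);
    /* Any syscall outside the list now terminates the process with SIGSYS. */
    _exit(0);
#else
    return 0;
#endif
}
```

Evaluating the program in userspace first is a cheap way to catch off-by-one jump targets and missing ABI checks, since a mistake in the installed filter shows up only as a killed process.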

The commonality to all of these is a small, simple, fast and flexible component in the kernel with the more complex details located in userspace – I really like this design pattern.
