BPF - the forgotten bytecode
The text discusses the history and functionality of the tcpdump tool and its kernel counterpart, the packet filter interface. It explains how tcpdump works by parsing a readable filter expression into a short program in BPF bytecode, which is then attached to the network tap interface for filtering packets. The article also highlights the use of BPF filters in various applications such as traffic shaping, syscalls filtering, and iptables module. It concludes by emphasizing the continued usefulness and speed of BPF, even without enabling its just-in-time compiler.
Company
Cloudflare
Date published
May 21, 2014
Author(s)
Marek Majkowski
Word count
1537
Language
English
Hacker News points
None found.