BPF - the forgotten bytecode

What's this blog post about?

The text discusses the history and functionality of the tcpdump tool and its kernel counterpart, the packet filter interface. It explains how tcpdump works: it parses a readable filter expression into a short program in BPF bytecode, which is then attached to the network tap interface to filter packets. The article also highlights the use of BPF filters in various applications such as traffic shaping, syscall filtering, and an iptables module. It concludes by emphasizing the continued usefulness and speed of BPF, even without enabling its just-in-time compiler.

Company
Cloudflare

Date published
May 21, 2014

Author(s)
Marek Majkowski

Word count
1537

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.