BPF - the forgotten bytecode
The text discusses the history and functionality of the tcpdump tool and its kernel counterpart, the packet filter interface. It explains how tcpdump works: it parses a readable filter expression into a short program in BPF bytecode, which is then attached to the network tap interface to filter packets. The article also highlights the use of BPF filters in other applications, such as traffic shaping, syscall filtering, and an iptables module. It concludes by emphasizing that BPF remains useful and fast, even without its just-in-time compiler enabled.
Company
Cloudflare
Date published
May 21, 2014
Author(s)
Marek Majkowski
Word count
1537
Hacker News points
None found.
Language
English