|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2016-04-06 13:44:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Early packet drop — and more — with BPF
The Berkeley packet filter (BPF) mechanism
has been working its way into various kernel subsystems since it was
rewritten and extended in 2014. There is, it turns out, great value in an
in-kernel virtual machine that allows for the implementation of arbitrary
policies without writing kernel code. A recent patch set pushing BPF into
networking drivers shows some of the potential of this mechanism — and the
difficulty of designing its integration in a way that will stand the test
of time. If it is successful, it may change the way high-performance
networking is done on Linux systems.
The Berkeley packet filter (BPF) mechanism
has been working its way into various kernel subsystems since it was
rewritten and extended in 2014. There is, it turns out, great value in an
in-kernel virtual machine that allows for the implementation of arbitrary
policies without writing kernel code. A recent patch set pushing BPF into
networking drivers shows some of the potential of this mechanism — and the
difficulty of designing its integration in a way that will stand the test
of time. If it is successful, it may change the way high-performance
networking is done on Linux systems.
