All of lore.kernel.org
 help / color / mirror / Atom feed
From: Juergen Brendel <juergen@brendel.com>
To: netfilter-devel@vger.kernel.org
Subject: Extending nftables user-space utility for custom filters
Date: Tue, 30 Jun 2015 11:43:24 +1200	[thread overview]
Message-ID: <1435621404.3480.16.camel@backpack> (raw)


Hello!

I'm still very new to nftables, so hopefully my question isn't too
silly.

>From what I understand so far, one of the neat features of nftables is
that a small VM in the kernel interprets the byte code, which was sent
down to it by the nftables user-space utility.

So it seems to me that if I would like to add some fancy, specialized
type of packet filtering/processing then all I would have to do is to
extend the nftables user-space utility to create new byte code: No
updated kernel or kernel modules required.

Is my understanding correct? And if so, I have these questions:

     1. Have the features and capabilities of the in-kernel VM been
        documented somewhere? So that I know what is even possible for
        the kernel code?
     2. Is there any documentation (a howto or getting-started guide),
        which explains how to extend the user-space utility so that it
        understands new commands and can construct new byte code?

Thank you very much!

Juergen



                 reply	other threads:[~2015-06-29 23:55 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1435621404.3480.16.camel@backpack \
    --to=juergen@brendel.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.