* Extending nftables user-space utility for custom filters
@ 2015-06-29 23:43 Juergen Brendel
From: Juergen Brendel @ 2015-06-29 23:43 UTC
  To: netfilter-devel


Hello!

I'm still very new to nftables, so hopefully my question isn't too
silly.

From what I understand so far, one of the neat features of nftables is
that a small VM in the kernel interprets the byte code, which was sent
down to it by the nftables user-space utility.

So it seems to me that if I would like to add some fancy, specialized
type of packet filtering/processing then all I would have to do is to
extend the nftables user-space utility to create new byte code: No
updated kernel or kernel modules required.

Is my understanding correct? And if so, I have these questions:

     1. Have the features and capabilities of the in-kernel VM been
        documented somewhere? So that I know what is even possible for
        the kernel code?
     2. Is there any documentation (a howto or getting-started guide),
        which explains how to extend the user-space utility so that it
        understands new commands and can construct new byte code?

Thank you very much!

Juergen


