netfilter-devel.vger.kernel.org archive mirror
* Extending nftables user-space utility for custom filters
@ 2015-06-29 23:43 Juergen Brendel
  0 siblings, 0 replies; only message in thread
From: Juergen Brendel @ 2015-06-29 23:43 UTC (permalink / raw)
  To: netfilter-devel


Hello!

I'm still very new to nftables, so hopefully my question isn't too
silly.

From what I understand so far, one of the neat features of nftables is
that a small VM in the kernel interprets the byte code, which was sent
down to it by the nftables user-space utility.

So it seems to me that if I would like to add some fancy, specialized
type of packet filtering/processing then all I would have to do is to
extend the nftables user-space utility to create new byte code: No
updated kernel or kernel modules required.

Is my understanding correct? And if so, I have these questions:

     1. Have the features and capabilities of the in-kernel VM been
        documented somewhere? So that I know what is even possible for
        the kernel code?
     2. Is there any documentation (a howto or getting-started guide),
        which explains how to extend the user-space utility so that it
        understands new commands and can construct new byte code?

Thank you very much!

Juergen


