bpfilter
bpfilter copied to clipboard
facebook
BPF-based packet filtering framework
Since `bpfilter` was introduced in the Linux kernel, it used the `GPL-2.0` SPDX identifier. However, this identifier is ambiguous and `GPL-2.0-only` should be used instead. This change update the SPDX...
Use CMake's `ExternalProject_Add()` command to clone, patch, build, and install (within the build directory) `nftables` and `iptables` with `bpfilter` support. Update the documentation to explain how to use these targets.
i have a dream, where all nftables rules are tested statically before insertion into the kernel. reading the bpfilter documentation, it seems that the daemon can be used (transparently?) as...
The [original kernel introduction of bpfilter](https://lwn.net/Articles/747504/) includes a series of usage examples via `iptables` `ping` and `bpftool`. A similar example set of commands (and perhaps expected log output from the...
`bpfilter` is configurable through `nftables` and `iptables`. However, both command line tools only support a limited subset of feature of `bpfilter`. For example, it's not possible to choose the exact...
Hello, Thank you for this project ! I Saw your presentations and I'm interested in this project as this seems to bridge the gap between sysadmins/netadmins (I am) and Software...
An IPv6 packet's `nextheader` field can contain one of the following information: - Layer 4 protocol identifier - [IPv6 extension header identifier](https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml) An IPv6 extension header will be located after...
Generated BPF programs call `kfunc`s and BPF helpers for various purposes, and those call might fail. In this situation, the program will return with a default verdict. There is currently...
With the existing verdicts, it's not possible to forward a packet to the next rule: it is either accepted or dropped. In both cases, the chain won't process the remaining...