| 1 | <!DOCTYPE html> |
| 2 | <html> |
| 3 | <head> |
| 4 | <meta http-equiv='content-type' content='text/html; charset=utf-8'> |
| 5 | <meta name='viewport' content='width=device-width, initial-scale=1.0'> |
| 6 | <style type='text/css'> |
| 7 | body { margin: 1em 15%; } |
| 8 | </style> |
| 9 | </head> |
| 10 | <body> |
| 11 | <div class='story-header'> |
| 12 | <h1><a href='0000764200.html'>[$] Writing network flow dissectors in BPF</a></h1> |
| 13 | <div class='details'>([Kernel] Sep 6, 2018 15:59 UTC (Thu) (corbet))</div> |
| 14 | <br/> |
| 15 | <div class='content' style='text-align: justify'> |
| 16 | Network packet headers contain a great deal of information, but the kernel often only needs a subset of that information to be able to perform filtering or associate any given packet with a flow. The piece of code that follows the different layers of packet encapsulation to find the important data is called a flow dissector. In current Linux kernels, the flow dissector is written in C. A patch set has been proposed recently to implement it in BPF with the clear goal of improving security, flexibility, and maybe even performance. |
| 17 | </div> |
| 18 | <hr/> |
| 19 | </div> |
| 20 | </body> |