An interesting introduction to how Linux currently does packet filtering and how changing to BPF will improve performance.<p>The really amusing thing to me (an OpenBSD user) was the omission of any discussion of the origin of BPF, or even spelling out the acronym (it's the Berkeley Packet Filter).<p>Those GPL guys really really hate acknowledging anything to do with Berkeley! :) Even though in this case it's not directly the University of California, Berkeley but instead the origin of BPF is the Lawrence Berkeley Laboratory.
I posted this on a similar current HN thread about BPF, but also relevant here. See Poettering's blog for how you can do very cool access control things via systemd taking advantage of EBPF:<p><a href="http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html" rel="nofollow">http://0pointer.net/blog/ip-accounting-and-access-lists-with...</a>