
BPF comes to firewalls - progval
https://lwn.net/Articles/747551/
======
okket
Previous discussion from 2 months ago:
[https://news.ycombinator.com/item?id=16419039](https://news.ycombinator.com/item?id=16419039)
(43 comments)

------
aisio
Some interesting metrics on bpfilter, especially when combined with smart
network card offloading

[https://www.netronome.com/blog/bpf-ebpf-xdp-and-bpfilter-wha...](https://www.netronome.com/blog/bpf-ebpf-xdp-and-bpfilter-what-are-these-things-and-what-do-they-mean-enterprise/)

------
rurban
So should we now forget to disable eBPF JIT in our kernels because it is
insecure (Spectre attacks)? And eBPF was made even more insecure, with even
more superpowers. They added tables! Not in DTrace, just eBPF, because Linux
has so many more superpowers.

Time to switch over to a proper kernel, where such things do not happen.

~~~
progval
BPF != eBPF

~~~
raesene9
Do you have a reference expanding on that? I was just reading up on BPF/eBPF
the other day
([https://lwn.net/Articles/740157/](https://lwn.net/Articles/740157/)) and
([https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into...](https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/)).

From both of those I gathered that, with reference to Linux, BPF == eBPF, with
the older implementation (cBPF) being deprecated.

So as the linked article is about Linux, I thought that in this case BPF ==
eBPF.

