
Rethinking bpfilter and user-mode helpers - Tomte
https://lwn.net/SubscriberLink/822744/15a744a04ce05180/
======
scott_s
I'm surprised to read this, because about two months ago we discussed an
presentation that claimed "EBPF is turning the Linux kernel into a
microkernel"
([https://news.ycombinator.com/item?id=22953730](https://news.ycombinator.com/item?id=22953730)),
which kicked off an interesting discussion of how we should even define
microkernels.

~~~
eatonphil
Are eBPF and bpfilter the same thing? eBPF has been around longer than
bpfilter right? 3.15 vs 4.18?

~~~
comex
Linux has (at this point) a variety of hooks you can attach eBPF programs to;
bpfilter is one of them. The naming is confusing. BPF stands for Berkeley
Packet Filter, but its original use case was only for capturing a copy of
network packets for inspection (think tcpdump/Wireshark); the "filter" was
just used to select which packets should be captured. bpfilter, on the other
hand, applies eBPF to firewalling – in other words, a more typical definition
of "packet filter".

