Hello!

I'm still very new to nftables, so hopefully my question isn't too silly.

From what I understand so far, one of the neat features of nftables is that a small VM in the kernel interprets the byte code, which was sent down to it by the nftables user-space utility.

So it seems to me that if I would like to add some fancy, specialized type of packet filtering/processing then all I would have to do is to extend the nftables user-space utility to create new byte code: No updated kernel or kernel modules required.

Is my understanding correct? And if so, I have these questions:

1. Have the features and capabilities of the in-kernel VM been documented somewhere? So that I know what is even possible for the kernel code?

2. Is there any documentation (a howto or getting-started guide), which explains how to extend the user-space utility so that it understands new commands and can construct new byte code?

Thank you very much!

Juergen