eBPF for firewalls?

At https://github.com/systemd/systemd/issues/13307
systemd won't migrate from libiptc (xtables) to libnft (nftables)
because they expect nftables to be replaced by something BPF-based.

So OK, so I looked into that.

1. nftables uses a custom in-kernel VM, not eBPF VM.
   (It sounds like eBPF was crap or nonexistent when the custom VM was made.)

2. in 2018Q1, some proof-of-concept code used eBPF for xtables:

       https://lwn.net/Articles/747551/
       https://marc.info/?l=netfilter-devel&m=151878844403666&w=2

3. in 2018Q1, some proof-of-concept code to use CBPF for nftables:

       https://marc.info/?l=linux-netdev&m=151905824829539&w=2

4. since then... nothing?
   I can't find any later discussion or code.

Have I got all that right?



