Filtering system calls with a packet filtering language

LtUers will appreciate the new security feature of the Linux kernel that lets you run Berkeley Packet Filter (BPF) programs over system call arguments. After all, userland already knows its ABI: system call numbers and desired arguments.

Adding more interpreter-like features to the kernel has been discussed before in the context of splice, a zero-copy data transfer API:

(Of course, the "kernel buffer" notion does allow for a notion of "kernel filters" too, but then you get to shades of STREAMS, and that just scares the crap out of me, so..)

One step closer to D-trace,

One step closer to D-trace, the streaming aspect-oriented query language for Solaris :)