[$] Designing ELF modules

The bpfilter proposal posted in Februaryincluded a new type of kernel module that would run as a user-spaceprogram; its purpose is to parse and translate iptables rules under thekernel's control but in a contained, non-kernel setting. These "ELFmodules" were reposted for review as a standalonepatch set in early March. That review has happened; it is agood example of how community involvement can improve a special-purposepatch and turn it into a more generally useful feature.