[$] Writing network flow dissectors in BPF
Network packet headers contain a great deal of information, but the kernel often only needs a subset of that information to be able to perform filtering or associate any given packet with a flow. The piece of code that follows the different layers of packet encapsulation to find the important data is called a flow dissector. In current Linux kernels, the flow dissector is written in C. A patch set has been proposed recently to implement it in BPF with the clear goal of improving security, flexibility, and maybe even performance.