Berkeley Packet Filter

Berkeley Packet Filter (BPF) is a technology used in certain computer operating systems, such as Linux, to provide a raw interface to the data link layer for programs that need to analyze network traffic. (wikipedia)

If the driver for the network interface supports promiscuous mode, BPF allows the interface to be put into that mode so that all packets on the network can be received, even those for other hosts. Van Jacobson co-wrote a paper in 1992: The BSD Packet Filter: A New Architecture for User-level Packet Capture (paper)

# Security concerns

A Spectre attack may leverage the Linux kernel eBPF JIT compiler (which is off by default) to extract data from kernel processes and allow user-space to read it.
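To see how a particular host is configured, the sysctls that control the JIT and unprivileged use of `bpf()` can be read directly. The script below is an added example, not part of the original page; the function names and the optional `ROOT` argument are hypothetical, and the "exposed" criterion (JIT on and unprivileged `bpf()` allowed) is this example's own assumption.

```shell
#!/bin/sh
# Added example: report the BPF-related sysctls on a Linux host.
# The optional ROOT argument (default /proc/sys) is an assumption of this
# example so the logic can be run against a constructed directory.

bpf_read() {  # print a sysctl file's value, or "absent" when it is missing
    if [ -r "$1" ]; then cat "$1"; else echo absent; fi
}

bpf_describe() {  # args: name value meaning-of-0 meaning-of-1 meaning-of-2
    case "$2" in
        0) echo "$1=0 $3" ;;
        1) echo "$1=1 $4" ;;
        2) echo "$1=2 $5" ;;
        *) echo "$1=$2 (not present or unrecognised)" ;;
    esac
}

bpf_audit() {  # one line per sysctl: current value and what it means
    root="${1:-/proc/sys}"
    bpf_describe bpf_jit_enable "$(bpf_read "$root/net/core/bpf_jit_enable")" \
        "JIT off, interpreter only" "JIT on" "JIT on, debug output to kernel log"
    bpf_describe bpf_jit_harden "$(bpf_read "$root/net/core/bpf_jit_harden")" \
        "JIT hardening off" "hardening for unprivileged users" "hardening for all users"
    bpf_describe unprivileged_bpf_disabled \
        "$(bpf_read "$root/kernel/unprivileged_bpf_disabled")" \
        "unprivileged bpf() allowed" "unprivileged bpf() disabled until reboot" \
        "unprivileged bpf() disabled, admin may re-enable"
}

bpf_exposed() {  # exit 0 when the JIT is on AND unprivileged bpf() is allowed
    root="${1:-/proc/sys}"
    case "$(bpf_read "$root/net/core/bpf_jit_enable")" in
        1|2) [ "$(bpf_read "$root/kernel/unprivileged_bpf_disabled")" = 0 ] ;;
        *) return 1 ;;
    esac
}

bpf_audit "$@"
```

Setting `kernel.unprivileged_bpf_disabled` to 1 or 2 and `net.core.bpf_jit_harden` to 2 are the usual mitigations when the JIT has to stay enabled.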

# Related issues

AVX register corruption from signal delivery was reported in Linux kernel bug 205663 on Nov 26, 2019 (page). For reference, this bug was originally reported as memory corruption in Go. We tracked it this far in github

# Capabilities solution

BPF compromises the separation of kernel-space and user-space. Apparently we need a new capabilities-based microkernel. We need to try and build FuchsiaOS