Skip to content

Daemon-less bpfilter #382

New issue
New issue
Open
Feature
Open
Daemon-less bpfilter#382
Feature
Assignees
qdeslandes
Labels
area: cliCommand line interface(s)area: codegenBPF bytecode generationarea: front-endFront-ends: parsing and translationarea: loaderBPF programs managementpriority: 0Critical/blocker
Milestone
2026 H1
@qdeslandes

Description

@qdeslandes
qdeslandes
opened on Jan 21, 2026

bpfilter currently operates as a daemon running on the system. While this was perfectly acceptable originally, it's now a subpar design that could be improved into a library-only approach.

Exporting bpfilter solely as a library (with bfcli as CLI) would:

  • Reduce risks of ABI breakage: better versioning, no serialized data exposed to the user
  • Allow for easier integration: the long-term plan would be to submit an iptables-legacy integration, then a nftables integration
  • Improve overall design: reduces new features cost
  • Increase stability: users would be responsible for loading/attaching the programs (through the library)

This is a large project that requires extensive design before any work.

Metadata

Metadata

Assignees

Labels

area: cliCommand line interface(s)area: codegenBPF bytecode generationarea: front-endFront-ends: parsing and translationarea: loaderBPF programs managementpriority: 0Critical/blocker

Type

Feature

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions