>>842410
Okay anon.
I found out that this BPF stuff has been around in one form or another since 1980.
>http://www.tcpdump.org/papers/bpf-usenix93.pdf
From what I can understand, Linux filters are similar enough to BSD filters, but they are 'simpler' in that a device does not need to be referenced to apply a filter.
>https://www.kernel.org/doc/Documentation/networking/filter.txt
I've also found that the BPF was always intended as a virtual machine, so the kernel must implement a virtual machine for the filtering mechanism itself.
This method of a virtual machine was a way to abrogate unnecessary copying of packets and buffers before any filter was applied.
And since it is a machine of its own, there needs to be something to compile or translate code from one machine language to another machine language; hence, the JIT compiler.
As for my question of whether it filters Berkeley sockets' packets or INET packets, it can filter both, so it is useful for iptables and other firewalls. It seems that those firewalls are just an interface to the BPF at the low level, and write the filters in the BPF language to be compiled by the kernel's JIT compiler.
There is a lot in the tcpdump link that explains much of the theory and process behind BPF, but the kernel.org link provides the Linux implementation specifics and what deviates from the original paper.
As for the implication of this exploit, it seems that by controlling, exploiting, or circumventing the BPF, an attacker could theoretically break through any firewall used.
For what it's worth.
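Worked example, added here and not taken from the post above or from the linked papers: a small userspace interpreter for the classic BPF machine that the post describes, run over a constructed Ethernet/IPv4/UDP frame (sample bytes made up for this example, not a capture). The filter program is equivalent to what `tcpdump -d 'ip and udp dst port 53'` emits, written with the relative jump offsets the kernel's `struct sock_filter` uses. The function names (`cbpf_run`, `ld`, `build_frame`, `dns_verdict`) are this example's own; the opcode values are the ones from the BSD/Linux `bpf.h` headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One classic BPF instruction: the 8-byte layout of Linux's struct sock_filter. */
struct cbpf_insn { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };

/* Opcode fields, numeric values as in <linux/filter.h> and BSD's bpf.h. */
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_JMP = 0x05, BPF_RET = 0x06,
       BPF_W = 0x00, BPF_H = 0x08, BPF_B = 0x10, BPF_ABS = 0x20, BPF_IND = 0x40,
       BPF_MSH = 0xa0, BPF_K = 0x00, BPF_A = 0x10, BPF_JEQ = 0x10, BPF_JSET = 0x40 };

/* Equivalent of `tcpdump -d 'ip and udp dst port 53'`, with jumps written as
 * the relative offsets the kernel expects (target = pc + 1 + jt or jf). */
const struct cbpf_insn dns_filter[] = {
    { BPF_LD|BPF_H|BPF_ABS,   0, 0, 12     }, /* A = ethertype                   */
    { BPF_JMP|BPF_JEQ|BPF_K,  0, 8, 0x0800 }, /* not IPv4 -> drop                */
    { BPF_LD|BPF_B|BPF_ABS,   0, 0, 23     }, /* A = IP protocol                 */
    { BPF_JMP|BPF_JEQ|BPF_K,  0, 6, 17     }, /* not UDP -> drop                 */
    { BPF_LD|BPF_H|BPF_ABS,   0, 0, 20     }, /* A = IP flags + fragment offset  */
    { BPF_JMP|BPF_JSET|BPF_K, 4, 0, 0x1fff }, /* later fragment, no UDP header   */
    { BPF_LDX|BPF_B|BPF_MSH,  0, 0, 14     }, /* X = 4 * IHL = IP header length  */
    { BPF_LD|BPF_H|BPF_IND,   0, 0, 16     }, /* A = UDP dst port at 14 + X + 2  */
    { BPF_JMP|BPF_JEQ|BPF_K,  0, 1, 53     }, /* not port 53 -> drop             */
    { BPF_RET|BPF_K,          0, 0, 262144 }, /* accept, keep up to 262144 bytes */
    { BPF_RET|BPF_K,          0, 0, 0      }, /* drop                            */
};
#define DNS_FILTER_LEN (sizeof dns_filter / sizeof dns_filter[0])

/* Big-endian load of `size` bytes at `off`; returns 0 if it would read past the packet. */
static int ld(const uint8_t *pkt, size_t len, uint64_t off, unsigned size, uint32_t *out)
{
    uint32_t v = 0;
    if (off + size > len) return 0;
    for (unsigned i = 0; i < size; i++) v = (v << 8) | pkt[off + i];
    *out = v;
    return 1;
}

/* Interpreter for the subset of the cBPF machine used above. As in the kernel, a
 * load past the end of the packet yields verdict 0 (drop); a non-zero verdict is
 * the number of leading bytes to keep. The kernel JIT turns this same instruction
 * stream into native code instead of looping like this. */
uint32_t cbpf_run(const struct cbpf_insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t A = 0, X = 0;
    size_t pc = 0;
    while (pc < n) {
        const struct cbpf_insn *in = &prog[pc];
        uint64_t ind = (uint64_t)X + in->k; /* 64-bit so X + k cannot wrap around */
        switch (in->code) {
        case BPF_LD|BPF_W|BPF_ABS:  if (!ld(pkt, len, in->k, 4, &A)) return 0; break;
        case BPF_LD|BPF_H|BPF_ABS:  if (!ld(pkt, len, in->k, 2, &A)) return 0; break;
        case BPF_LD|BPF_B|BPF_ABS:  if (!ld(pkt, len, in->k, 1, &A)) return 0; break;
        case BPF_LD|BPF_H|BPF_IND:  if (!ld(pkt, len, ind, 2, &A)) return 0; break;
        case BPF_LDX|BPF_B|BPF_MSH: /* "msh": low nibble of the byte, times 4 */
            if (!ld(pkt, len, in->k, 1, &X)) return 0;
            X = (X & 0x0f) * 4; break;
        case BPF_JMP|BPF_JEQ|BPF_K:  pc += (A == in->k) ? in->jt : in->jf; break;
        case BPF_JMP|BPF_JSET|BPF_K: pc += (A & in->k) ? in->jt : in->jf; break;
        case BPF_RET|BPF_K: return in->k;
        case BPF_RET|BPF_A: return A;
        default: return 0; /* the kernel refuses to attach a program with unknown opcodes */
        }
        pc++;
    }
    return 0; /* ran off the end; the kernel also rejects that at attach time */
}

/* Constructed Ethernet/IPv4/UDP frame (sample input, not a real capture); returns 42. */
size_t build_frame(uint8_t *buf, uint16_t ethertype, uint8_t proto, uint16_t frag_field, uint16_t dport)
{
    static const uint8_t tmpl[42] = {
        0x52,0x54,0,0x12,0x34,0x56, 0x52,0x54,0,0x65,0x43,0x21, 0,0, /* Ethernet, type patched */
        0x45,0,0,28, 0,0,0,0, 64,0,0,0, 10,0,0,1, 10,0,0,53,         /* IPv4, IHL 5, no options */
        0xc0,0, 0,0, 0,8, 0,0,                                         /* UDP, dst port patched  */
    };
    memcpy(buf, tmpl, sizeof tmpl);
    buf[12] = ethertype >> 8;  buf[13] = ethertype & 0xff;
    buf[20] = frag_field >> 8; buf[21] = frag_field & 0xff;
    buf[23] = proto;           buf[36] = dport >> 8; buf[37] = dport & 0xff;
    return sizeof tmpl;
}

/* Build one frame with the given fields and return dns_filter's verdict for it. */
uint32_t dns_verdict(uint16_t ethertype, uint8_t proto, uint16_t frag_field, uint16_t dport)
{
    uint8_t frame[64];
    size_t len = build_frame(frame, ethertype, proto, frag_field, dport);
    return cbpf_run(dns_filter, DNS_FILTER_LEN, frame, len);
}

int main(void)
{
    uint8_t frame[64];
    printf("IPv4 UDP dst 53      -> %u\n", (unsigned)dns_verdict(0x0800, 17, 0x0000, 53));
    printf("IPv4 TCP dst 53      -> %u\n", (unsigned)dns_verdict(0x0800, 6, 0x0000, 53));
    printf("IPv4 UDP dst 53 frag -> %u\n", (unsigned)dns_verdict(0x0800, 17, 0x0001, 53));
    build_frame(frame, 0x0800, 17, 0, 53); /* pass only 20 bytes: the load at [23] fails */
    printf("IPv4 UDP truncated   -> %u\n", (unsigned)cbpf_run(dns_filter, DNS_FILTER_LEN, frame, 20));
    return 0;
}
```

Because `struct cbpf_insn` has the same layout as `struct sock_filter`, the `dns_filter` array is exactly what filter.txt shows being handed to the kernel through `setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...)` in a `struct sock_fprog`; the kernel then validates the program (opcodes, jump targets, a terminating RET) before running it in its interpreter or, when `bpf_jit_enable` is set, JIT-compiling it. The fragment check is the detail worth noticing: a packet with a non-zero fragment offset carries no UDP header, so without the `jset` the port comparison would read payload bytes and call them a port.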