On Sunday, July 11th, 2021 at 13:11, Nils Freydank <nils.freyd...@posteo.de> wrote:
> Hi caveman, > > you should really train your search skills :-P lel. more like train my cognition. > (1) Just searching for "libbpf" and then for "bpf BTF" gives plenty webpages > and > > links. In short: > > BPF: Berkeley packet filter, e.g.: > https://en.wikipedia.org/wiki/Berkeley_Packet_Filter > > libbpf: a library to use it, e.g.: https://github.com/libbpf/libbpf > > BPF Type Format (BTF) https://www.kernel.org/doc/html/v5.9/bpf/btf.html i did this before asking here, but didn't fully get it. wiki seems to say that it's for speeding up packer filtering by having apps supply a filtering program into the kernel, so that the whole thing is done inside the kernel for speed. but i also read elsewhere that it's being used to generally run any apps inside the kernel, ultimately making linux to slowly become into some kind of a micro-kernel design. didn't fully get it. but either way, this feature sort of freaks me. is it harming my security? how can i know which app is running its code inside my kernel? also, which apps would benefit from this? and why did i end up having it? e.g. any idea which app brought this feature? or did gentoo generally go to ship BTF by default? without any app needing it? > (2) "urxvt text blink ANSI": https://bbs.archlinux.org/viewtopic.php?id=150531 fixed it by enabling 24-bit-color USE flag.
