Nftables
nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. It has been available since Linux kernel 3.13, released on 19 January 2014. nftables replaces the legacy iptables component of Netfilter. Among the advantages of nftables over iptables are less code duplication and easier extension to new protocols. Among the disadvantages of nftables is that deep packet inspection (DPI) of the kind provided by the "iptables string match", such as Server Name Indication (SNI) filtering, is not supported. nftables is configured via the user-space utility nft, while the legacy frameworks are configured via the utilities iptables, ip6tables, arptables and ebtables. nftables utilizes the building blocks of the Netfilter infrastructure, such as the existing hooks into the networking stack, connection tracking system, userspace queueing component, and logging subsystem. nft Command-line syntax A command to drop any packets wi ...
In-kernel Virtual Machine
In computer science, an in-kernel virtual machine is a specialized virtualization technology that operates within an operating system kernel. Unlike traditional virtual machines that emulate entire computer systems, in-kernel virtual machines provide a controlled environment for executing code within the kernel space, typically for performance, security, or extensibility purposes. These virtual machines allow for safe execution of user-defined programs within the highly privileged kernel context. Overview In-kernel virtual machines create an abstraction layer that isolates user-provided code from direct kernel operations while still allowing this code to efficiently interact with kernel resources. They typically implement a restricted instruction set and provide controlled access to kernel data structures, allowing for kernel extension without risking system stability or security. This architecture enables developers to extend kernel functionality safely through just-in-time (JI ...
Iptables
iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in a set of tables, which contain chains of rules for how to treat network traffic packets. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ' to Ethernet frames. iptables requires elevated privileges to operate and must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as and documented in its man pages, which can be opened using man iptables when installed. It may also be found in /sbin/iptables, but since iptables is more like a service rather than an "essential binary", the preferred location remains . The term iptables is also commonly used to inclusively refer to the kernel-level compo ...
C (programming Language)
C (pronounced like the letter c) is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted CPUs. It has found lasting use in operating systems code (especially in kernels), device drivers, and protocol stacks, but its use in application software has been decreasing. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems. A successor to the programming language B, C was originally developed at Bell Labs by Ritchie between 1972 and 1973 to construct utilities running on Unix. It was applied to re-implementing the kernel of the Unix operating system. During the 1980s, C gradually gained popularity. It has become one of the most widely used programming langu ...
Virtual Machine
In computing, a virtual machine (VM) is the virtualization or emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination of the two. Virtual machines differ and are organized by their function, shown here:
* System virtual machines (also called full virtualization VMs, or SysVMs) provide a substitute for a real machine. They provide the functionality needed to execute entire operating systems. A hypervisor uses native execution to share and manage hardware, allowing for multiple environments that are isolated from one another yet exist on the same physical machine. Modern hypervisors use hardware-assisted virtualization, with virtualization-specific hardware features on the host CPUs providing assistance to hypervisors.
* Process virtual machines are designed to execute computer programs ...
Firewall Software
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on configurable security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet or between several VLANs. Firewalls can be categorized as network-based or host-based. History The term firewall originally referred to a wall to confine a fire within a line of adjacent buildings. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. The term was applied in the 1980s to network technology that emerged when the Internet was fairly new in terms of its global use and connectivity. The predecessors to firewalls for network security were routers used in the 1980s. Because they already segregated networks, routers could filter packets crossing them. Before it was used in real-life computing ...
OpenDocument
The Open Document Format for Office Applications (ODF), also known as OpenDocument, standardized as ISO 26300, is an open file format for word processing documents, spreadsheets, presentations and graphics, using ZIP-compressed XML files. It was developed with the aim of providing an open, XML-based file format specification for office applications. The standard is developed and maintained by a technical committee in the Organization for the Advancement of Structured Information Standards (OASIS) consortium. It was based on the Sun Microsystems specification for OpenOffice.org XML, the default format for OpenOffice.org and LibreOffice. It was originally developed for StarOffice "to provide an open standard for office documents." In addition to being an OASIS standard, it is published as an ISO/IEC i ...
Netlink
Netlink is a socket family used for inter-process communication (IPC) between both the kernel and userspace processes, and between different userspace processes, in a way similar to the Unix domain sockets available on certain Unix-like operating systems, including its original incarnation as a Linux kernel interface, as well as in the form of a later implementation on FreeBSD. Similarly to the Unix domain sockets, and unlike INET sockets, Netlink communication cannot traverse host boundaries. However, while the Unix domain sockets use the file system namespace, Netlink sockets are usually addressed by process identifiers (PIDs). Netlink is designed and used for transferring miscellaneous networking information between the kernel space and userspace processes. Networking utilities, such as the iproute2 family and the utilities used for configuring mac80211-based wireless drivers, use Netlink to communicate with the Linux kernel from userspace. Netlink provides a standard ...
Atomic Operation
In concurrent programming, an operation (or set of operations) is linearizable if it consists of an ordered list of invocation and response events, that may be extended by adding response events such that:
1. The extended list can be re-expressed as a sequential history (is serializable).
2. That sequential history is a subset of the original unextended list.
Informally, this means that the unmodified list of events is linearizable if and only if its invocations were serializable, but some of the responses of the serial schedule have yet to return. In a concurrent system, processes can access a shared object at the same time. Because multiple processes are accessing a single object, a situation may arise in which while one process is accessing the object, another process changes its contents. Making a system linearizable is one solution to this problem. In a linearizable system, although operat ...
Error Message
An error message is the information displayed when an unforeseen problem occurs, usually on a computer or other device. Modern operating systems with graphical user interfaces often display error messages using dialog boxes. Error messages are used when user intervention is required, to indicate that a desired operation has failed, or to relay important warnings (such as warning a computer user that they are almost out of hard disk space). Error messages are seen widely throughout computing, and are part of every operating system or computer hardware device. The proper design of error messages is an important topic in usability and other fields of human–computer interaction. Common error messages The following error messages are commonly seen by modern computer users:
Access denied: This error occurs if the user does not have privileges to a file, or if it has been locked by some program or user.
Device not ready: This error most often occurs when there is no floppy disk ...
Duplicate Code
In computer programming, duplicate code is a sequence of source code that occurs more than once, either within a program or across different programs owned or maintained by the same entity. Duplicate code is generally considered undesirable for a number of reasons. A minimum requirement is usually applied to the quantity of code that must appear in a sequence for it to be considered duplicate rather than coincidentally similar. Sequences of duplicate code are sometimes known as code clones or just clones; the automated process of finding duplications in source code is called clone detection. Two code sequences may be duplicates of each other without being character-for-character identical, for example by being character-for-character identical only when white space characters and comments are ignored, or by being token-for-token identical, or token-for-token identical with occasional variation. Even code sequences that are only functionally identical may b ...
Application Binary Interface
An application binary interface (ABI) is an interface exposed by software that is defined for in-process machine code access. Often, the exposing software is a library, and the consumer is a program. An ABI is at a relatively low level of abstraction. Interface compatibility depends on the target hardware and the software build toolchain. In contrast, an application programming interface (API) defines access in source code, which is a relatively high-level, hardware-independent, and human-readable format. An API defines an interface at the source code level, before compilation, whereas an ABI defines an interface to compiled code. API compatibility is generally the concern for system design and of the toolchain. However, a programmer may have to deal with an ABI directly when writing a program in multiple languages or compilers. A complete ABI enables a program that supports an ABI to run without modification on multiple operating systems that provide the ABI. The targe ...
Bridging (networking)
A network bridge is a computer networking device that creates a single, aggregate network from multiple communication networks or network segments. This function is called network bridging. Bridging is distinct from routing. Routing allows multiple networks to communicate independently and yet remain separate, whereas bridging connects two separate networks as if they were a single network. In the OSI model, bridging is performed in the data link layer (layer 2). If one or more segments of the bridged network are wireless, the device is known as a wireless bridge. The main types of network bridging technologies are simple bridging, multiport bridging, and learning or transparent bridging. Transparent bridging Transparent bridging uses a table called the forwarding information base to control the forwarding of frames between network segments. The table starts empty and entries are added as the bridge receives frames. If a destination address entry is not found in the ta ...