Looks like it. It’s protocol independent, reduces complexity and duplication and will sigificantly reduce the packet filtering footprint in the kernel. It should also make it more easily extensible in the future, as it runs in user space in a virtual machine.
http://lwn.net/Articles/324989/
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft
robin@edgarbv.com
https://www.edgarbv.com