
serious_angel, today at 1:01 AM

  > The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name.  
  > And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably.  
  > That's not an option here.
  > 
  > Source: https://web.archive.org/web/20260409002901/https://obdev.at/products/littlesnitch-linux/index.html

The above feels like utter AI slop nonsense, sorry. I believe eBPF, the Linux kernel feature, is absolutely capable of accurate and perfect processing of network traffic.

Have you ever checked Calico or Cilium, or at least, Oryx?


Replies

littlesnitch, today at 11:02 AM

eBPF programs are able to accurately process network traffic with high performance, but the number of CPU instructions you can use is limited. Otherwise it would not be high performance. This limits the complexity of in-kernel processing.

jiveturkey, today at 1:24 AM

I guess you haven't actually implemented anything in eBPF.

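The bounded-table behaviour that the quoted passage and littlesnitch's reply refer to, as an added example that is not part of any comment above and not Little Snitch's code: a user-space C model of a fixed-capacity flow-to-pid table with least-recently-used eviction. The table layout, the capacity of 256, the flow ids and the pid numbering are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_CAP 1024  /* constructed upper bound for this model */

/* One entry: flow id -> owning pid, plus a last-used stamp for LRU. */
struct slot { uint32_t flow, pid; uint64_t used; int live; };
struct flow_table { struct slot s[MAX_CAP]; size_t cap; uint64_t tick; };

/* Returns the entry for flow, or NULL when it was never stored or was evicted. */
static struct slot *table_lookup(struct flow_table *t, uint32_t flow) {
    for (size_t i = 0; i < t->cap; i++)
        if (t->s[i].live && t->s[i].flow == flow) {
            t->s[i].used = ++t->tick;
            return &t->s[i];
        }
    return NULL;
}

/* Insert or update; when the table is full the least recently used entry is overwritten. */
static void table_update(struct flow_table *t, uint32_t flow, uint32_t pid) {
    struct slot *v = table_lookup(t, flow);
    for (size_t i = 0; !v && i < t->cap; i++)
        if (!t->s[i].live) v = &t->s[i];          /* free slot available */
    if (!v) {                                      /* full: pick the LRU victim */
        v = &t->s[0];
        for (size_t i = 1; i < t->cap; i++)
            if (t->s[i].used < v->used) v = &t->s[i];
    }
    v->flow = flow; v->pid = pid; v->live = 1; v->used = ++t->tick;
}

/* Record `flows` connections (flow f owned by pid 1000+f), then deliver one
 * packet per flow and count the packets that cannot be tied to a pid. */
static size_t unattributed_packets(size_t cap, uint32_t flows) {
    static struct flow_table t;
    size_t misses = 0;
    memset(&t, 0, sizeof t);
    t.cap = (cap >= 1 && cap <= MAX_CAP) ? cap : MAX_CAP;
    for (uint32_t f = 0; f < flows; f++) table_update(&t, f, 1000 + f);
    for (uint32_t f = 0; f < flows; f++)
        if (!table_lookup(&t, f)) misses++;
    return misses;
}

int main(void) {
    printf("200 flows: %zu unattributed\n", unattributed_packets(256, 200));
    printf("400 flows: %zu unattributed\n", unattributed_packets(256, 400));
    return 0;
}
```

While the number of concurrent flows stays within capacity every packet resolves to a pid; once it exceeds capacity, the oldest entries are gone by the time their packets arrive, so a monitor has to treat a lookup miss as "owner unknown" rather than assume a match.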