In a recent article I described the basic concepts behind the use of Berkeley Packet Filter (aka BSD Packet filter or BPF) bytecode for high performance packet filtering, and the xt_bpf iptables module. In this post I'll explain how we use BPF and xt_bpf as one tool to deal with large scale DDoS attacks.
more here..........http://blog.cloudflare.com/introducing-the-bpf-tools
more here..........http://blog.cloudflare.com/introducing-the-bpf-tools