Architecture Overview

2 modules - one to hijack system calls, another to perform the actual filtering, and communicating with user-mode code.

A communications library (sct_ctrl_lib) allows user-processes to configure the module, using the 'sysctl' interface.

User-mode utility parses the configuration file, validates the rules, and then deletes all existing rules in the module, and injects the new ones.

Modules cannot be unloaded as long as rules are defined in them.