- the kernel implementation
- libnl netlink communication
- nftables userspace frontend

"The kernel provides a netlink configuration interface, as well
as runtime ruleset evaluation using a small classification language
interpreter. libnl contains the low-level functions for
communicating with the kernel; the nftables frontend is what the
user interacts with.

"Kernel
------

"The first major difference is that there's no one-to-one
relation of matches and targets available to the user and those
implemented in the kernel anymore. The kernel provides some generic
parameterizable operations, like loading data from a packet,
comparing data with other data etc. Userspace combines the
individual operations appropriately to get the desired
semantic."
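
The division of labour described in the quote above, as an added example that is not part of the quoted text or of the nftables source: a toy evaluator in C with a generic "load from packet" and "compare" operation, and a rule that userspace would assemble from them. All type and function names are hypothetical, and the absolute offsets assume a packet that starts with a 20-byte IPv4 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy model only: all names are hypothetical, not kernel structures. */
enum op { OP_PAYLOAD, OP_CMP_EQ, OP_VERDICT };
enum verdict { V_CONTINUE, V_ACCEPT, V_DROP };
struct expr {
    enum op op;
    uint8_t reg;          /* register read or written */
    uint16_t offset;      /* OP_PAYLOAD: byte offset into the packet */
    uint8_t len;          /* bytes to load or compare (max 4) */
    uint8_t data[4];      /* OP_CMP_EQ: immediate value */
    enum verdict verdict; /* OP_VERDICT: result of the rule */
};
/* Kernel side: run expressions in order; failed load/compare = no match. */
enum verdict eval_rule(const struct expr *e, size_t n, const uint8_t *pkt, size_t pktlen)
{
    uint8_t regs[4][4] = {{0}};
    for (size_t i = 0; i < n; i++) {
        if (e[i].reg >= 4 || e[i].len > 4)
            return V_CONTINUE;              /* malformed expression */
        if (e[i].op == OP_PAYLOAD) {
            if ((size_t)e[i].offset + e[i].len > pktlen)
                return V_CONTINUE;          /* never read past the packet */
            memcpy(regs[e[i].reg], pkt + e[i].offset, e[i].len);
        } else if (e[i].op == OP_CMP_EQ) {
            if (memcmp(regs[e[i].reg], e[i].data, e[i].len) != 0)
                return V_CONTINUE;
        } else {
            return e[i].verdict;
        }
    }
    return V_CONTINUE;
}
/* Userspace side: "TCP destination port 22 -> drop" as generic operations. */
static const struct expr drop_ssh[] = {
    { OP_PAYLOAD, 0,  9, 1, {0},          V_CONTINUE }, /* reg0 = IP protocol */
    { OP_CMP_EQ,  0,  0, 1, {6},          V_CONTINUE }, /* reg0 == 6 (TCP) */
    { OP_PAYLOAD, 1, 22, 2, {0},          V_CONTINUE }, /* reg1 = TCP dport */
    { OP_CMP_EQ,  1,  0, 2, {0x00, 0x16}, V_CONTINUE }, /* reg1 == 22 */
    { OP_VERDICT, 0,  0, 0, {0},          V_DROP },
};
/* Constructed sample packet: IPv4 header (IHL 5) followed by a TCP header. */
enum verdict classify(uint8_t proto, uint16_t dport, size_t pktlen)
{
    uint8_t pkt[40] = { [0] = 0x45, [9] = proto,
                        [22] = (uint8_t)(dport >> 8), [23] = (uint8_t)dport };
    return eval_rule(drop_ssh, sizeof drop_ssh / sizeof drop_ssh[0], pkt, pktlen > 40 ? 40 : pktlen);
}
int main(void) { return classify(6, 22, 40) == V_DROP ? 0 : 1; }
```

The evaluator knows nothing about TCP or ports; a truncated packet fails the bounds check in the load and the rule simply does not match.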