From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from shards.monkeyblade.net ([184.105.139.130]:60080 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752474AbeBSPNh (ORCPT ); Mon, 19 Feb 2018 10:13:37 -0500
Date: Mon, 19 Feb 2018 10:13:35 -0500 (EST)
Message-Id: <20180219.101335.8419642951000951.davem@davemloft.net>
To: fw@strlen.de
Cc: daniel@iogearbox.net, laforge@gnumonks.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, alexei.starovoitov@gmail.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter
From: David Miller
In-Reply-To: <20180219145935.GE6333@breakpoint.cc>
References: <5a7f90b2-9613-3e98-39da-215db230b2f0@iogearbox.net> <20180219.100051.1763083913140481624.davem@davemloft.net> <20180219145935.GE6333@breakpoint.cc>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Florian Westphal
Date: Mon, 19 Feb 2018 15:59:35 +0100

> David Miller wrote:
>> It also means that the scope of developers who can contribute and work
>> on the translator is much larger.
>
> How so? Translator is in userspace in nftables case too?

Florian, first of all, the whole "change the iptables binary" idea is a
non-starter. For the many reasons I have described in the various
postings I have made today.

It is entirely impractical.

So we are strictly talking about the code we are writing to translate
iptables ABI (in the kernel) into an eBPF based datapath.

Anything designed in that nature must be distributed completely in the
kernel tree, so that the iptables kernel ABI is provided without any
external dependencies.

We could have done the translator in the kernel, but instead we are
doing it with a userland component.

And that's what we are talking about.

Thank you.