From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from orbyte.nwl.cc ([151.80.46.58]:53974 "EHLO orbyte.nwl.cc"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753639AbeBSROU (ORCPT );
	Mon, 19 Feb 2018 12:14:20 -0500
Date: Mon, 19 Feb 2018 18:14:11 +0100
From: Phil Sutter
To: David Miller
Cc: laforge@gnumonks.org, fw@strlen.de, daniel@iogearbox.net,
	netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
	alexei.starovoitov@gmail.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter
Message-ID: <20180219171411.GG15918@orbyte.nwl.cc>
References: <20180219151555.GA23857@breakpoint.cc>
	<20180219.102727.1601311989325658320.davem@davemloft.net>
	<20180219153808.GI5490@nataraja>
	<20180219.104459.157566294655687535.davem@davemloft.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180219.104459.157566294655687535.davem@davemloft.net>
Sender: netdev-owner@vger.kernel.org
List-ID:

Hi David,

On Mon, Feb 19, 2018 at 10:44:59AM -0500, David Miller wrote:
> From: Harald Welte
> Date: Mon, 19 Feb 2018 16:38:08 +0100
>
> > On Mon, Feb 19, 2018 at 10:27:27AM -0500, David Miller wrote:
> >> > Would you be willing to merge nftables into kernel tools directory
> >> > then?
> >>
> >> Did you miss the part where I explained that people explicitly disable
> >> NFTABLES in their kernel configs in most if not all large datacenters?
> >
> > If people choose to disable a certain feature, then that is their own
> > decision to do so. We should respect that decision. Clearly they seem
> > to have no interest in a better or more featureful packet filter, then.
> >
> > I mean, it's not like somebody proposes to implement NTFS inside the FAT
> > filesystem kernel module because distributors (or data centers) tend to
> > disable the NTFS module?!
> >
> > How is kernel development these days constrained by what some users may
> > or may not put in their Kconfig? If they want a given feature, they
> > must enable it.
>
> This discussion was about why iptables UABI still matters.
>
> And I'm trying to explain to you one of several reasons why it does.
>
> Also, instead of saying "They decided to not use NFTABLES, oh well
> that is their problem" it might be more beneficial, especially in the
> long term for netfilter, to think about "why".

OK, so reading between the lines you're saying that nftables project has
failed to provide an adequate successor to iptables?

Cheers, Phil