From: Florian Westphal <fw@strlen.de>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Edward Cree <ecree@solarflare.com>,
Florian Westphal <fw@strlen.de>,
Daniel Borkmann <daniel@iogearbox.net>,
netdev@vger.kernel.org, ast@kernel.org, pablo@netfilter.org,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [RFC,POC] iptables/nftables to epbf/xdp via common intermediate layer
Date: Thu, 15 Mar 2018 18:00:22 +0100 [thread overview]
Message-ID: <20180315170022.GA21181@breakpoint.cc> (raw)
In-Reply-To: <20180315161321.kqcnkzf52gu55yku@ast-mbp.dhcp.thefacebook.com>
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> The way this IMR defined today looks pretty much like nft and
> it feels a bit too low level than iptable conversion would need.
It wasn't so much about a specific IMR but to avoid code duplication
between nft and iptables translators.
> I think it would be simpler to have user space only extensions
> and opcodes added to bpf for the purpose of the translation.
> Like there is no bpf instruction called 'load from IP header',
> but we can make one. Just extend extended bpf with an instruction
> like this and on the first pass do full conversion of nft
> directly into this 'extended extended bpf'.
I don't want to duplicate any ebpf conversion (and optimisations)
in the nft part.
If nft can be translated to this 'extended extended bpf' and
this then generates bpf code from nft input all is good.
next prev parent reply other threads:[~2018-03-15 17:00 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-04 19:40 [RFC,POC] iptables/nftables to epbf/xdp via common intermediate layer Florian Westphal
2018-03-04 19:40 ` [RFC,POC 1/3] bpfilter: add experimental IMR bpf translator Florian Westphal
2018-03-04 19:40 ` [RFC,POC 2/3] bpfilter: add nftables jit proof-of-concept Florian Westphal
2018-03-04 19:40 ` [RFC,POC 3/3] bpfilter: switch bpfilter to iptables->IMR translation Florian Westphal
2018-03-06 14:22 ` [RFC,POC] iptables/nftables to epbf/xdp via common intermediate layer Daniel Borkmann
2018-03-06 16:42 ` Florian Westphal
2018-03-06 17:24 ` Edward Cree
2018-03-06 18:03 ` Florian Westphal
2018-03-06 18:18 ` Edward Cree
2018-03-15 16:13 ` Alexei Starovoitov
2018-03-15 17:00 ` Florian Westphal [this message]
2018-03-15 20:26 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180315170022.GA21181@breakpoint.cc \
--to=fw@strlen.de \
--cc=alexei.starovoitov@gmail.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=ecree@solarflare.com \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).