hi,

> I think these patches are a lost cause.

may be!!.. and also may not

> Besides the fact that they
> move things to the kernel instead of to userspace, they

just adding/removing.. beside huge efforts in the previous version in copying/cloning, this seems not to be a bad effort..

> - break the existing interface
> - do not use netlink

i didn't change any function prototype at the user space, so i think nothing is broken (only the function implementations at libiptc.c are changed).. just between kernel and user (this is internal).. and just for entries structure..
netlink is one of my ideas about this version and may implement..

> - are a drop-in replacement instead of incremental changes or a
>   completely new implementation

by this new idea, many things are changed and written from scratch.. i can continue its implementation to be completed.

> - fix only a very small part of the problems of the current
>   iptables design

beside your new ideas about nftables, this implementation also has some new ideas:
about sets in nftables: we can implement sets as classifier in this version
about registers in nftables: we can see matches as registers in this version
and about multiple targets: this version can use multiple targets..

>
> I've asked Hamid to post these patches to see if there were any
> useful incremental changes that would make sense to apply to
> iptables, but it seems to come down to moving userspace to kernel
> to support incremental changes.

not only user to kernel.. this limited to add/remove.. using classifiers as search engine, common framework for tables and new semantics.. so on..

--
Hamid Jafarian
(hm.t)