On 14.04, Thomas Graf wrote:
> On 04/14/15 at 10:06am, Patrick McHardy wrote:
> > On 14.04, Thomas Graf wrote:
> > > On 04/13/15 at 09:19pm, Patrick McHardy wrote:
> > > > Now the advantages of being able to use nft. First, the obvious
> > > > one is that we have a nice userspace tool, a well defined
> > > > grammar, and that people would be able to use the same tool for
> > > > very similar tasks. nftables in the kernel is almost completely
> > > > lockless, we support way more possibilities already and we won't
> > > > have to add new special case TC actions anymore. Look at the
> > > > connmark action for example. It can set a value. How long until
> > > > someone wants to use a bitmask? We support all operations
> > > > (assignment, bit operations) for all types, we have sets for fast
> > > > lookups, maps for associating values quickly, we have a nice and
> > > > readable syntax and full translation back to the readable
> > > > representation and much more.
> > >
> > > *cough* Performance numbers? *cough* ;-)
> >
> > I'm just arguing, not implementing :)
>
> OK ;-) Seriously though, we need to start putting emphasis on
> numbers as well. We are supposed to run data centers with all of
> this, we can't just horse around for fun ;-)

I would actually expect them to use neither TC nor nft, so the most
interesting number would be the impact if not used.

Additionally I'd like to see the numbers for moving ingress to use the
netfilter hook if it is actually used. The costs of TC actions vs nft
are actually not relevant in my opinion since we're not replacing
anything.