From: Florian Westphal <fw@xxxxxxxxx> Date: Mon, 19 Feb 2018 15:59:35 +0100 > David Miller <davem@xxxxxxxxxxxxx> wrote: >> It also means that the scope of developers who can contribute and work >> on the translater is much larger. > > How so? Translator is in userspace in nftables case too? Florian, first of all, the whole "change the iptables binary" idea is a non-starter. For the many reasons I have described in the various postings I have made today. It is entirely impractical. So we are strictly talking about the code we are writing to translate iptables ABI (in the kernel) into an eBPF based datapath. Anything designed in that nature must be distributed completely in the kernel tree, so that the iptables kernel ABI is provided without any externel dependencies. We could have done the translater in in the kernel, but instead we are doing it with a userland component. And that's what we are talking about. Thank you. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
