David Miller <davem@xxxxxxxxxxxxx> wrote:
> From: Florian Westphal <fw@xxxxxxxxx>
> Date: Mon, 19 Feb 2018 15:59:35 +0100
>
> > David Miller <davem@xxxxxxxxxxxxx> wrote:
> >> It also means that the scope of developers who can contribute and work
> >> on the translator is much larger.
> >
> > How so? Translator is in userspace in nftables case too?
>
> Florian, first of all, the whole "change the iptables binary" idea is
> a non-starter. For the many reasons I have described in the various
> postings I have made today.
>
> It is entirely impractical.

???????

You suggest:

iptables -> setsockopt -> umh (xtables -> ebpf) -> kernel

How is this different from

iptables -> setsockopt -> umh (Xtables -> nftables -> kernel

?

EBPF can be placed within nftables either userspace or kernel,
there is nothing that prevents this.

> Anything designed in that nature must be distributed completely in the
> kernel tree, so that the iptables kernel ABI is provided without any
> external dependencies.

Would you be willing to merge nftables into kernel tools directory then?