Date: Tue, 28 Oct 2008 16:27:04 +0330
From: "hamid jafarian" <hamid.jafarian@...il.com>
To: "Patrick McHardy" <kaber@...sh.net>
Cc: "Evgeniy Polyakov" <zbr@...emap.net>, Netfilter-devel <netfilter-devel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, "Pablo Neira Ayuso" <pablo@...filter.org>, "Jan Engelhardt" <jengelh@...ozas.de>, "Rusty Russell" <rusty@...tcorp.com.au>, "Harald Welte" <laforge@...monks.org>, "Eric Leblond" <eric@....fr>, "Jozsef Kadlecsik" <kadlec@...ckhole.kfki.hu>, "Amin Azez" <azez@...mechanic.net>
Subject: Re: [PATCH 00/09]IPtablestng/Kernel - New Framework For IPtables

hi,

> I think these patches are a lost cause.

may be!!.. and also may not

> Besides the fact that they
> move things to the kernel instead of to userspace, they

just adding/removing.. beside huge efforts in the previous version in
copying/cloning this seems not to be bad effort..

> - break the existing interface
> - do not use netlink

i didn't change any function prototype at the user space, so i think
nothing is broken (only the functions implementations at libiptc.c are
changed).. just between kernel and user (this is internal).. and just
for entries structure..
netlink is one of my ideas about this version and may implement..

> - are a drop-in replacement instead of incremental changes or a
>   completely new implementation

by this new idea, many things are changed and written from scratch..
i can continue its implementation to be completed.

> - fix only a very small part of the problems of the current
>   iptables design

beside your new ideas about nftables, this implementation also has
some new ideas:
about sets in nftables: we can implement sets as classifier in this version
about registers in nftables: we can see matches as registers in this version
and about multiple targets: this version can use multiple targets..

>
> I've asked Hamid to post these patches to see if there were any
> useful incremental changes that would make sense to apply to
> iptables, but it seems to come down to moving userspace to kernel
> to support incremental changes.

not only user to kernel.. this limited to add/remove..
using classifiers as search engine, common framework for tables and
new semantics.. so on..

--
Hamid Jafarian
(hm.t)