Date:	Tue, 28 Oct 2008 16:27:04 +0330
From:	"hamid jafarian" <hamid.jafarian@...il.com>
To:	"Patrick McHardy" <kaber@...sh.net>
Cc:	"Evgeniy Polyakov" <zbr@...emap.net>,
	Netfilter-devel <netfilter-devel@...r.kernel.org>,
	Netdev <netdev@...r.kernel.org>,
	"Pablo Neira Ayuso" <pablo@...filter.org>,
	"Jan Engelhardt" <jengelh@...ozas.de>,
	"Rusty Russell" <rusty@...tcorp.com.au>,
	"Harald Welte" <laforge@...monks.org>,
	"Eric Leblond" <eric@....fr>,
	"Jozsef Kadlecsik" <kadlec@...ckhole.kfki.hu>,
	"Amin Azez" <azez@...mechanic.net>
Subject: Re: [PATCH 00/09]IPtablestng/Kernel - New Framework For IPtables

hi,
> I think these patches are a lost cause.
maybe!!.. and also maybe not
> Besides the fact that they
> move things to the kernel instead of to userspace, they
just adding/removing.. beside huge efforts in the previous version in
copying/cloning this seems not to be bad effort..

> - break the existing interface
> - do not use netlink
I didn't change any function prototype at the user space, so I think
nothing is broken (only the function implementations at libiptc.c are
changed).. just between kernel and user (this is internal).. and just
for entries structure..
netlink is one of my ideas about this version and may implement..
> - are a drop-in replacement instead of incremental changes or a
>  completely new implementation
by this new idea, many things are changed and written from scratch.. I
can continue its implementation to be completed.
> - fix only a very small part of the problems of the current
>  iptables design
beside your new ideas about nftables, this implementation also has
some new ideas:
about sets in nftables: we can implement sets as classifier in this version
about registers in nftables: we can see matches as registers in this version
and about multiple targets: this version can use multiple targets..
>
> I've asked Hamid to post these patches to see if there were any
> useful incremental changes that would make sense to apply to
> iptables, but it seems to come down to moving userspace to kernel
> to support incremental changes.
not only user to kernel.. this limited to add/remove..
using classifiers as search engine, common framework for tables and
new semantics.. so on..


-- 
Hamid Jafarian (hm.t)