[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150414100846.GB14022@casper.infradead.org>
Date: Tue, 14 Apr 2015 11:08:46 +0100
From: Thomas Graf <tgraf@...g.ch>
To: Patrick McHardy <kaber@...sh.net>
Cc: David Miller <davem@...emloft.net>, pablo@...filter.org,
netfilter-devel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH 0/7 RFC] Netfilter/nf_tables ingress support
On 04/14/15 at 10:06am, Patrick McHardy wrote:
> On 14.04, Thomas Graf wrote:
> > On 04/13/15 at 09:19pm, Patrick McHardy wrote:
> > > Now the advantages of being able to use nft. First, the obvious
> > > one is that we have a nice userspace tool, a well defined
> > > grammar, and that people would be able to use the same tool for
> > > very similar tasks. nftables in the kernel is almost completely
> > > lockless, we support way more possibilites already and we won't
> > > have to add new special case TC actions anymore. Look at the
> > > connmark action for example. It can set a value. How long until
> > > someone wants to use a bitmask? We support all operations
> > > (assignment, bit operations) for all types, we have sets for fast
> > > lookups, maps for associating values quickly, we have a nice and
> > > readable syntax and full translation back to the readable
> > > representation and much more.
> >
> > *cough* Performance numbers? *cough* ;-)
>
> I'm just arguing, not implementing :)
OK ;-) Seriously though, we need to start putting emphasis on
numbers as well. We are supposed to run data centers with all of
this, we can't just horse around for fun ;-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists