lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOkSjBgF=HtY2DCBEDE4JHC57cDBZU0cq7DpMDNnTG-688vzZw@mail.gmail.com>
Date:   Mon, 19 Feb 2018 19:06:12 +0100
From:   Arturo Borrero Gonzalez <arturo@...filter.org>
To:     David Miller <davem@...emloft.net>
Cc:     laforge@...monks.org, daniel@...earbox.net, netdev@...r.kernel.org,
        Netfilter Development Mailing list 
        <netfilter-devel@...r.kernel.org>, alexei.starovoitov@...il.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter

On 19 February 2018 at 16:36, David Miller <davem@...emloft.net> wrote:
>
> In my opinion, any resistence to integration with eBPF and XDP will
> lead to even less adoption of netfilter as a technology.
>
> Therefore my plan is to move everything to be integrated around these
> important core technologies.  For the purposes of integration, code
> coverage, performance, and the ability to juxtapose different bits of
> eBPF code into larger optimized code streams that can also be
> offloaded into hardware.

Thanks for sharing your plans. I'll share mine.

Debian already recommends using nftables rather than iptables.
Probably in the next release cycle we (Debian) will give even more
prominence to nftables by linking iptables to iptables-compat, as an
opt-in for users, so we don't break systems.
By the next-next release cycle (4+ years or so?) we will probably have
enough confidence with compat/translation tools that Debian could
fully wipe the old iptables binary to use just the nftables framework.
Same for ip6tables, arptables, ebtables.

Does this sound reasonable to you?

Yes, probably major datacenters (google? facebook?, amazon?) they
don't even care about what Debian is doing, since they are crafting
their own distro anyway.
But there are *a lot* of other people that do care about these migration plans.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ