| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f6b7ead2-8c4e-8d87-abad-b03f23d6de84@solarflare.com>
Date: Tue, 6 Mar 2018 18:18:04 +0000
From: Edward Cree <ecree@...arflare.com>
To: Florian Westphal <fw@...len.de>
CC: Daniel Borkmann <daniel@...earbox.net>, <netdev@...r.kernel.org>,
<ast@...nel.org>, <pablo@...filter.org>
Subject: Re: [RFC,POC] iptables/nftables to epbf/xdp via common intermediate
layer
On 06/03/18 18:03, Florian Westphal wrote:
> I don't know. I suspect we should go for naive algorithm only,
> but I would defer such decision to Alexei/Daniel.
>
> f.e. i don't know if using llvm is a good idea or not,
Yeah, I wondered about that too. I think it's probably not a good idea,
since it's a big project with a complex interface and the tail would
likely wag the dog.
> I did not
> intend to turn proposed imr into full blown compiler in any case,
> I only want to avoid code duplication for iptables/nftables -> ebpf
> translator.
Well, I think anything that calling code does by hand will entail limits
on what the imr->ebpf step can do. E.g. if imr uses registers by name
then the backend can't expand any highlevel constructs that need to use
scratch registers, unless some regs are reserved for the backend and
can't be used by the imr.
Ultimately I think the imr will have to become practically a compiler
back-end, because any jobs it punts to the caller will necessarily be
duplicated between iptables and nftables.
-Ed
Powered by blists - more mailing lists