Re: [ANNOUNCE]: First release of nftables

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Meelis Roos

Subject: Re: [ANNOUNCE]: First release of nftables

Date: Wednesday, March 18, 2009 - 5:00 am

> Data is represented in a generic way inside the kernel and the
quoted text> operations are defined on the generic data representations, meaning
> its possible to use any matching feature (ranges, masks, set lookups
> etc.) with any kind of data. Semantic validation of the operation is
> performed in userspace, the kernel doesn't care as long as the
> operation doesn't potentially harm the kernel.

This sounds like a "script" downloaded to kernel and interpreted during 
each packet match. This toubles me some - doesn't this use more memory 
accesses to achieve the same work that was done in precompiled code 
before?

Have you measured the fastpath performance of kernel matching of real-life 
rulesets, compared to iptables?

-- 
Meelis Roos (mroos@linux.ee)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [ANNOUNCE]: First release of nftables, Meelis Roos, (Wed Mar 18, 5:00 am)

Re: [ANNOUNCE]: First release of nftables, Patrick McHardy, (Wed Mar 18, 7:39 am)

Re: [ANNOUNCE]: First release of nftables, Denys Fedoryschenko, (Wed Mar 18, 7:52 am)

Re: [ANNOUNCE]: First release of nftables, Patrick McHardy, (Wed Mar 18, 7:58 am)


linux-kernel:
Frederic Weisbecker	[PATCH v2] struct sort_entry has a callback named snprintf that turns an entry int...
FUJITA Tomonori	Re: [Scst-devel] Integration of SCST in the mainstream Linux kernel
Jens Axboe	Re: [BUG] Linux 2.6.25-rc2 - Regression from 2.6.24-rc1-git1 softlockup while bo...
Andrew Morton	Re: [PATCH v3 0/4] Introduce hardware spinlock framework
Jeff Garzik	Re: 2.6.23-rc7-mm1 AHCI ATA errors -- won't boot
git:
Junio C Hamano	Re: git-svnimport
Michal Sojka	[PATCHv5 1/2] filter-branch: Fix to allow replacing submodules with another content
Junio C Hamano	Re: Fwd: git status options feature suggestion
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
linux-netdev:
Arnaldo Carvalho de Melo	Re: [PATCH 06/37] dccp: Limit feature negotiation to connection setup phase
Gerrit Renker	[PATCH 1/5] dccp: Initialisation framework for feature negotiation
Ursula Braun	[patch 2/8] [PATCH] af_iucv: sync sk shutdown flag if iucv path is quiesced
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
git-commits-head:
Linux Kernel Mailing List	ARM: S3C64XX: DMA: Callback with correct buffer pointer
Linux Kernel Mailing List	sata_mv: drop unncessary EH callback resetting
Linux Kernel Mailing List	timer: Try to survive timer callback preempt_count leak
Linux Kernel Mailing List	powerpc/kexec: Add support for FSL-BookE
Linux Kernel Mailing List	ARM: 5905/1: ARM: Global ASID allocation on SMP
openbsd-misc:
Rene Maroufi	smtpd: Aliases only work with for local alias aliases
Stephen J. Bevan	GRE over IPsec
Christophe Rioux	Implementation example of snmp
Darrin Chandler	Re: strange output on openbsd C code
Nick Holland	Re: booting openbsd on eee without cd-rom