From: Harald Welte <>
Date: Mon, 19 Feb 2018 18:20:40 +0100

> It's like with any migration.  People were using ipchains for a long
> time even after iptables existed.  Many people simply don't care
> about packet filter performance.  It's only a small fraction of their
> entire CPU workload, so probably not worth optimizing.  For dedicated
> firewall devices, that's of course a different story.

"I have power in my house, what's the big deal about this power
outage I hear about?"

People with an Android phone in their pocket are using iptables, and
the overhead and performance of those rules really does matter.  It
determines how long your battery life is, etc.

> I can just as well ask how many millions of users / devices are
> already using eBPF or XDP?

Every time someone connects to a major provider, they are using it.

And by and large, for system tracing and analysis eBPF is basically
a hard requirement for people doing anything serious these days.

Please see the wonderful work by Brendan Gregg and others which has
basically made the GPL'ing of DTrace by Oracle entirely irrelevant and
our Linux's tracing infrastructure has become much more powerful and
capable thanks to eBPF.