Re: [PATCH RFC 3/3] netfilter: nf_tables: add BPF-based jit infrastructure

2018-02-21 Thread Pablo Neira Ayuso
Hi Alexei, On Tue, Feb 20, 2018 at 06:01:39PM -0800, Alexei Starovoitov wrote: > On Tue, Feb 20, 2018 at 11:53:55AM +0100, Pablo Neira Ayuso wrote: > > > > I'll explore how to generate eBPF code in the next patchset version. > > from the user space please... OK, let's do that, from user space

Re: [PATCH RFC 3/3] netfilter: nf_tables: add BPF-based jit infrastructure

2018-02-20 Thread Alexei Starovoitov
On Tue, Feb 20, 2018 at 11:53:55AM +0100, Pablo Neira Ayuso wrote: > Hi David, > > On Mon, Feb 19, 2018 at 01:53:34PM -0500, David Miller wrote: > > I'm very suprised that this is generating classical BPF filters. > > > > We have native eBPF and that is what anything generating new code > >

Re: [PATCH RFC 3/3] netfilter: nf_tables: add BPF-based jit infrastructure

2018-02-20 Thread Pablo Neira Ayuso
Hi David, On Mon, Feb 19, 2018 at 01:53:34PM -0500, David Miller wrote: > I'm very suprised that this is generating classical BPF filters. > > We have native eBPF and that is what anything generating new code > should be using, rather than the 20+ year old CBPF. I'm not the only one that likes

Re: [PATCH RFC 3/3] netfilter: nf_tables: add BPF-based jit infrastructure

2018-02-19 Thread David Miller
From: Pablo Neira Ayuso Date: Mon, 19 Feb 2018 17:37:06 +0100 > From nf_tables_newrule(), this calls nft_jit_rule() that transforms > our internal expression structure layout to abstract syntax tree, then > we walk over this syntax tree to generate the BPF instructions that

[PATCH RFC 3/3] netfilter: nf_tables: add BPF-based jit infrastructure

2018-02-19 Thread Pablo Neira Ayuso
>From nf_tables_newrule(), this calls nft_jit_rule() that transforms our internal expression structure layout to abstract syntax tree, then we walk over this syntax tree to generate the BPF instructions that are placed in the rule jit buffer. From the commit phase, collect all jit buffers, place