Re: [PATCH RFC PoC 0/3] nftables meets bpf

2018-02-21 Thread Jakub Kicinski
On Wed, 21 Feb 2018 16:30:07 -0800, Florian Fainelli wrote: > On 02/21/2018 03:46 PM, Jakub Kicinski wrote: > > On Tue, 20 Feb 2018 11:58:22 +0100, Pablo Neira Ayuso wrote: > >> We also have a large range of TCAM based hardware offload outthere > >> that will _not_ work with your BPF HW offload

Re: [PATCH RFC PoC 0/3] nftables meets bpf

2018-02-21 Thread Florian Fainelli
On 02/21/2018 03:46 PM, Jakub Kicinski wrote: > On Tue, 20 Feb 2018 11:58:22 +0100, Pablo Neira Ayuso wrote: >> We also have a large range of TCAM based hardware offload outthere >> that will _not_ work with your BPF HW offload infrastructure. What >> this bpf infrastructure pushes into the kernel

Re: [PATCH RFC PoC 0/3] nftables meets bpf

2018-02-21 Thread Jakub Kicinski
On Tue, 20 Feb 2018 11:58:22 +0100, Pablo Neira Ayuso wrote: > We also have a large range of TCAM based hardware offload outthere > that will _not_ work with your BPF HW offload infrastructure. What > this bpf infrastructure pushes into the kernel is just a blob > expressing things in a very

Re: [PATCH RFC PoC 0/3] nftables meets bpf

2018-02-20 Thread Daniel Borkmann
Hi Pablo, On 02/20/2018 11:58 AM, Pablo Neira Ayuso wrote: > On Mon, Feb 19, 2018 at 08:57:39PM +0100, Daniel Borkmann wrote: >> On 02/19/2018 05:37 PM, Pablo Neira Ayuso wrote: >> [...] >>> * Simplified infrastructure: We don't need the ebpf verifier complexity >>> either given we trust the

Re: [PATCH RFC PoC 0/3] nftables meets bpf

2018-02-20 Thread Pablo Neira Ayuso
Hi Daniel, On Mon, Feb 19, 2018 at 08:57:39PM +0100, Daniel Borkmann wrote: > On 02/19/2018 05:37 PM, Pablo Neira Ayuso wrote: > [...] > > * Simplified infrastructure: We don't need the ebpf verifier complexity > > either given we trust the code we generate from the kernel. We don't > > need

Re: [PATCH RFC PoC 0/3] nftables meets bpf

2018-02-19 Thread Daniel Borkmann
On 02/19/2018 05:37 PM, Pablo Neira Ayuso wrote: [...] > * Simplified infrastructure: We don't need the ebpf verifier complexity > either given we trust the code we generate from the kernel. We don't > need any complex userspace tooling either, just libnftnl and nft > userspace binaries. >