On 06/03/18 18:03, Florian Westphal wrote: > I don't know. I suspect we should go for naive algorithm only, > but I would defer such decision to Alexei/Daniel. > > f.e. i don't know if using llvm is a good idea or not, Yeah, I wondered about that too. I think it's probably not a good idea, since it's a big project with a complex interface and the tail would likely wag the dog.
> I did not > intend to turn proposed imr into full blown compiler in any case, > I only want to avoid code duplication for iptables/nftables -> ebpf > translator. Well, I think anything that calling code does by hand will entail limits on what the imr->ebpf step can do. E.g. if imr uses registers by name then the backend can't expand any highlevel constructs that need to use scratch registers, unless some regs are reserved for the backend and can't be used by the imr. Ultimately I think the imr will have to become practically a compiler back-end, because any jobs it punts to the caller will necessarily be duplicated between iptables and nftables. -Ed
