Hacker News new | ask | show | jobs
by evilsocket 3331 days ago
OpenSnitch author here ... although performances are not a big deal here because only conntrack packets are intercepted, the project will move to a C++ implementation once the current Python prototype/PoC will be complete and will prove that what I want to do is 100% doable on GNU/Linux :)
1 comments
sandGorgon 3331 days ago
I would say that golang is good enough. But if you are interested , you could go for Rust. Multiple teams have built extremely high performance network manipulation tools in Rust - like linkerd-tcp .

Unless you were planning to use Ragel.

link
evilsocket 3331 days ago
As I said, it'll be in C++, Go is great, Rust too, but I just can't get used to their syntax :D
link
cyphar 3330 days ago
Once I saw OpenSnitch I decided to write my own in Rust (mostly as a learning experience for myself)[1] -- it's still obviously WIP as it doesn't even filter packets yet! My intention is to make it have a remote API so that policy decisions aren't done in the daemon but are done in swappable clients.

[1]: https://github.com/cyphar/whistled

link
steveklabnik 3330 days ago
I thought the Ragel stuff was back in.
link
sandGorgon 3330 days ago
I hoped so too. I think someone is forking it, but AFAIK it's c or ASM only.
link