Re: [PATCH v5 0/6] Add eBPF hooks for cgroups

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox•net>
To: Pablo Neira Ayuso <pablo@netfilter•org>,
	Alexei Starovoitov <alexei.starovoitov@gmail•com>
Cc: Daniel Mack <daniel@zonque•org>,
	htejun@fb•com, ast@fb•com, davem@davemloft•net, kafai@fb•com,
	fw@strlen•de, harald@redhat•com, netdev@vger•kernel.org,
	sargun@sargun•me, cgroups@vger•kernel.org
Subject: Re: [PATCH v5 0/6] Add eBPF hooks for cgroups
Date: Wed, 14 Sep 2016 13:36:55 +0200	[thread overview]
Message-ID: <57D93657.6020806@iogearbox.net> (raw)
In-Reply-To: <20160914103038.GA910@salvia>

On 09/14/2016 12:30 PM, Pablo Neira Ayuso wrote:
> On Tue, Sep 13, 2016 at 09:42:19PM -0700, Alexei Starovoitov wrote:
> [...]
>> For us this cgroup+bpf is _not_ for filterting and _not_ for security.
>
> If your goal is monitoring, then convert these hooks not to allow to
> issue a verdict on the packet, so this becomes inoquous in the same
> fashion as the tracing infrastructure.
>
> [...]
>> I'd really love to have an alternative to bpf for such tasks,
>> but you seem to spend all the energy arguing against bpf whereas
>> nft still has a lot to be desired.
>
> Please Alexei, stop that FUD. Anyone that has spent just one day using
> the bpf tooling and infrastructure knows you have problems to
> resolve...

Not quite sure on the spreading of FUD, but sounds like we should all
get back to technical things to resolve. ;)

next prev parent reply	other threads:[~2016-09-14 11:37 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-12 16:12 [PATCH v5 0/6] Add eBPF hooks for cgroups Daniel Mack
2016-09-12 16:12 ` [PATCH v5 1/6] bpf: add new prog type for cgroup socket filtering Daniel Mack
2016-09-12 16:12 ` [PATCH v5 2/6] cgroup: add support for eBPF programs Daniel Mack
2016-09-12 16:12 ` [PATCH v5 3/6] bpf: add BPF_PROG_ATTACH and BPF_PROG_DETACH commands Daniel Mack
     [not found] ` <1473696735-11269-1-git-send-email-daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>
2016-09-12 16:12   ` [PATCH v5 4/6] net: filter: run cgroup eBPF ingress programs Daniel Mack
2016-09-12 16:12   ` [PATCH v5 5/6] net: core: run cgroup eBPF egress programs Daniel Mack
2016-09-12 16:12   ` [PATCH v5 6/6] samples: bpf: add userspace example for attaching eBPF programs to cgroups Daniel Mack
2016-09-13 11:56 ` [PATCH v5 0/6] Add eBPF hooks for cgroups Pablo Neira Ayuso
2016-09-13 13:31   ` Daniel Mack
     [not found]     ` <da300784-284c-0d1f-a82e-aa0a0f8ae116-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>
2016-09-13 14:14       ` Daniel Borkmann
2016-09-13 17:24       ` Pablo Neira Ayuso
2016-09-14  4:42         ` Alexei Starovoitov
2016-09-14  9:03           ` Thomas Graf
     [not found]           ` <20160914044217.GA44742-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-09-14 10:30             ` Pablo Neira Ayuso
2016-09-14 11:06               ` Thomas Graf
2016-09-14 11:36               ` Daniel Borkmann [this message]
2016-09-14 11:13         ` Daniel Mack
     [not found]           ` <6de6809a-13f5-4000-5639-c760dde30223-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>
2016-09-14 11:42             ` Daniel Borkmann
     [not found]               ` <57D937B9.2090100-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>
2016-09-14 15:55                 ` Alexei Starovoitov
2016-09-16 19:57           ` Sargun Dhillon
     [not found]             ` <20160916195728.GA14736-I4sfFR6g6EicJoAdRrHjTrzMkBWIpU9tytq7g7fCXyjEk0E+pv7Png@public.gmane.org>
2016-09-18 23:34               ` Sargun Dhillon
2016-09-19 16:34               ` Daniel Mack
2016-09-19 21:53                 ` Sargun Dhillon
     [not found]                   ` <20160919215311.GA9723-I4sfFR6g6EicJoAdRrHjTrzMkBWIpU9tytq7g7fCXyjEk0E+pv7Png@public.gmane.org>
2016-09-20 14:25                     ` Daniel Mack
2016-09-15  6:36 ` Vincent Bernat
     [not found]   ` <m3y42tlldz.fsf-PiWSfznZvZU/eRriIvX0kg@public.gmane.org>
2016-09-15  8:11     ` Daniel Mack

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57D93657.6020806@iogearbox.net \
    --to=daniel@iogearbox$(echo .)net \
    --cc=alexei.starovoitov@gmail$(echo .)com \
    --cc=ast@fb$(echo .)com \
    --cc=cgroups@vger$(echo .)kernel.org \
    --cc=daniel@zonque$(echo .)org \
    --cc=davem@davemloft$(echo .)net \
    --cc=fw@strlen$(echo .)de \
    --cc=harald@redhat$(echo .)com \
    --cc=htejun@fb$(echo .)com \
    --cc=kafai@fb$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=pablo@netfilter$(echo .)org \
    --cc=sargun@sargun$(echo .)me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox