lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <551BE636.7040505@mojatatu.com>
Date:	Wed, 01 Apr 2015 08:36:06 -0400
From:	Jamal Hadi Salim <jhs@...atatu.com>
To:	Daniel Borkmann <daniel@...earbox.net>, stephen@...workplumber.org
CC:	ast@...mgrid.com, jiri@...nulli.us, tgraf@...g.ch,
	netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 -next] tc, bpf: finalize eBPF support for cls
 and act front-end

On 03/30/15 18:35, Daniel Borkmann wrote:
> This work finalizes both eBPF front-ends for the classifier and action
> part in tc, it allows for custom ELF section selection, a simplified tc
> command frontend (while keeping compat), reusing of common maps between
> classifier and actions residing in the same object file, and exporting
> of all map fds to an eBPF agent for handing off further control in user
> space.
>
> It also adds an extensive example of how eBPF can be used, and a minimal
> self-contained example agent that dumps map data. The example is well
> documented and hopefully provides a good starting point into programming
> cls_bpf and act_bpf.
>

This is excellent work Daniel.
The patch is large that it would be hard to provide good code
feedback. I will wait for your next iteration and whatever Alexei ends
up putting out.

I have an observation:
I realize you are doing this to illustrate the power of ebpf. And it
is impressive. Do you see this as a way to replace pieces of the
kernel stack or to aid and abate what the kernel already does?
I am looking at this and i see ability to inject arbitrary code into
the kernel. It is probably no different than someone writing DPDK code
but this is in the kernel.
How do we not help vendors achieve that goal or put another
way: how do we not help vendors direct their resources at improving the
linux infrastructure with this?

cheers,
jamal
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ