lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <555CF83B.7040706@fb.com>
Date:	Wed, 20 May 2015 14:10:19 -0700
From:	Alex Gartrell <agartrell@...com>
To:	<lvs-devel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<netdev@...r.kernel.org>
CC:	<kernel-team@...com>
Subject: We've released a generic netlink python library -- gnlpy

Hey everyone,

tl;dr; pure python generic netlink library with simple clients for ipvs 
and taskstats here: https://github.com/facebook/gnlpy

At Facebook we rely upon ipvs for most of our layer-4 load balancing 
needs.  It's mostly worked pretty great for us.  The standard way to 
interact with ipvs is ipvsadm, which will use netlink sockets to make 
rpc calls to the kernel (things like adding/remove services and real 
servers).  Because we run many, many instances of ipvs, we ended up 
scripting this away with a separate program that shells out to ipvsadm.

The down side to this approach was that we had to format the arguments 
and parse the result of the tool, which was kind of a pain. 
Additionally, we'd sometimes get into a bad state where the exec would 
fail or the binary wouldn't be there and the whole thing would kind of 
break.  To my knowledge this never caused any kind of large scale 
incident, but it was an annoying thing to deal with.

At some point, we made some changes to ipvs (heterogenous pools) and we 
were in the position of needing to roll a new ipvsadm binary to take 
advantage of the functionality.  That was fundamentally unappealing to 
yours truly, so I hacked together gnlpy (Generic NetLink PYthon library) 
instead.  It's been in production for several months.

At some point thereafter, someone on the lvs-devel list mentioned 
wanting to interact with ipvs through python and I made a vague 
assurance that we'd open source this thing.  Well here we are.

If you take a look at the code, you'll quickly notice that we haven't 
gone through the trouble of implementing every RPC call for the families 
we support and we certainly haven't gone through the trouble of 
implementing every generic netlink family.  We welcome your pull requests :)

-- 
Alex Gartrell <agartrell@...com>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ