lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180219.122908.849533984693125104.davem@davemloft.net>
Date:   Mon, 19 Feb 2018 12:29:08 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     laforge@...monks.org
Cc:     daniel@...earbox.net, netdev@...r.kernel.org,
        netfilter-devel@...r.kernel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter

From: Harald Welte <laforge@...monks.org>
Date: Mon, 19 Feb 2018 18:20:40 +0100

> It's like with any migration.  People were using ipchains for a long
> time even after iptables existed.  Many people simply don't care
> about packet filter performance.  It's only a small fraction of their
> entire CPU workload, so probably not worth optimzing.  For dedicated
> firewall devices, that's of course a different story.

"I have power in my house, what's the big deal about this power
outage I hear about?"

People with an Android phone in their pocket is using iptables, and
the overhead and performance of those rules really does matter.  It
determines how long your battery life is, etc.

> I can just as well ask how many millions of users / devices are
> already using eBPF or XDP?

Every time someone connects to a major provider, they are using it.

And by in large, for system tracing and analysis eBPF is basically
a hard requirement for people doing anything serious these days.

Please see the wonderful work by Brendan Gregg and others which has
basically made the GPL'ing of DTrace by Oracle entirely irrelevant and
our Linux's tracing infrastructure has become must more powerful and
capable thanks to eBPF.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ