Message-ID: <20190730170725.279761e7@cakuba.netronome.com>
Date:   Tue, 30 Jul 2019 17:07:25 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     "Daniel T. Lee" <danieltimlee@...il.com>,
        Stephen Hemminger <stephen@...workplumber.org>,
        David Ahern <dsahern@...il.com>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH 0/2] tools: bpftool: add net (un)load command to load
 XDP

On Tue, 30 Jul 2019 16:17:56 -0700, Alexei Starovoitov wrote:
> On Tue, Jul 30, 2019 at 03:59:15PM -0700, Jakub Kicinski wrote:
> > On Wed, 31 Jul 2019 03:48:19 +0900, Daniel T. Lee wrote:  
> > > Currently, bpftool net only supports dumping progs loaded on the
> > > interface. To load XDP prog on interface, user must use other tool
> > > (eg. iproute2). By this patch, with `bpftool net (un)load`, user can
> > > (un)load XDP prog on interface.  
> > 
> > I don't understand why using another tool is a bad thing :(
> > What happened to the Unix philosophy?
> > 
> > I remain opposed to duplicating iproute2's functionality under 
> > bpftool net :( The way to attach bpf programs in the networking
> > subsystem is through the iproute2 commands - ip and tc.. 
> > 
> > It seems easy enough to add a feature to bpftool but from 
> > a perspective of someone adding a new feature to the kernel, 
> > and wanting to update user space components it's quite painful :(
> > 
> > So could you describe to me in more detail why this is a good idea?
> > Perhaps others can chime in?  
> 
> I don't think it has anything to do with 'unix philosophy'.
> Here the proposal to teach bpftool to attach xdp progs.
> I see nothing wrong with that.

Nothing meaning you disagree it's duplicated effort and unnecessary 
LoC the community has to maintain, review, test..?

> Another reason is iproute2 is still far away from adopting libbpf.
> So all the latest goodness like BTF, introspection, etc will not
> be available to iproute2 users for some time.

Duplicating the same features in bpftool will only diminish the
incentive for moving iproute2 to libbpf. And for folks who deal
with a wide variety of customers, often novices, maintaining two
ways of doing the same thing is a hassle :(

> Even when iproute2 is ready it would be convenient for folks like me
> (who need to debug stuff in production) to remember cmd line of
> bpftool only to introspect the server. Debugging often includes
> detaching/attaching progs. Not only doing 'bpftool p s'.

Let's just put the two commands next to each other:

       ip link set xdp $PROG dev $DEV

bpftool net attach xdp $PROG dev $DEV

Are they that different?

> If bpftool was taught to do equivalent of 'ip link' that would be
> very different story and I would be opposed to that.

Yes, that'd be pretty clear cut, only the XDP stuff is a bit more 
of a judgement call.
