Date:   Wed, 02 Jun 2021 10:48:02 +0200
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Cong Wang <xiyou.wangcong@...il.com>
Cc:     David Miller <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        Lorenz Bauer <lmb@...udflare.com>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>, kernel-team <kernel-team@...com>
Subject: Re: [RFC PATCH bpf-next] bpf: Introduce bpf_timer

Alexei Starovoitov <alexei.starovoitov@...il.com> writes:

>> > In general the garbage collection in any form doesn't scale.
>> > The conntrack logic doesn't need it. The Cilium conntrack is a great
>> > example of how to implement a conntrack without GC.
>> 
>> That is simply not a conntrack. We expire connections based on
>> its time, not based on the size of the map where it resides.
>
> Sounds like your goal is to replicate existing kernel conntrack
> as bpf program by doing exactly the same algorithm and repeating
> the same mistakes. Then add kernel conntrack functions to allow list
> of kfuncs (unstable helpers) and call them from your bpf progs.

FYI, we're working on exactly this (exposing kernel conntrack to BPF).
Hoping to have something to show for our efforts before too long, but
it's still in a bit of an early stage...

-Toke
