lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 5 Feb 2022 15:25:52 +0800
From:   Tonghao Zhang <>
To:     Jamal Hadi Salim <>,
        Jakub Kicinski <>,
        Cong Wang <>
Cc:     Linux Kernel Network Developers <>,
        Jiri Pirko <>,
        "David S. Miller" <>,
        Jonathan Lemon <>,
        Eric Dumazet <>,
        Alexander Lobakin <>,
        Paolo Abeni <>,
        Talal Ahmad <>,
        Kevin Hao <>,
        Ilias Apalodimas <>,
        Kees Cook <>,
        Kumar Kartikeya Dwivedi <>,
        Antoine Tenart <>,
        Wei Wang <>, Arnd Bergmann <>
Subject: Re: [net-next v8 2/2] net: sched: support hash/classid/cpuid
 selecting tx queue

On Mon, Jan 31, 2022 at 9:12 PM Jamal Hadi Salim <> wrote:
> On 2022-01-26 14:52, Cong Wang wrote:
> > You really should just use eBPF, with eBPF code you don't even need
> > to send anything to upstream, you can do whatever you want without
> > arguing with anyone. It is a win-win.
> Cong,
> This doesnt work in some environments. Example:
> 1) Some data centres (telco large and medium sized enteprises that
> i have personally encountered) dont allow for anything that requires
> compilation to be introduced (including ebpf).
> They depend on upstream - if something is already in the kernel and
> requires a script it becomes an operational issue which is a simpler
> process.
> This is unlike large organizations who have staff of developers
> dedicated to coding stuff. Most of the folks i am talking about
> have zero developers in house. But even if they did have a few,
> introducing code into the kernel that has to be vetted by a
> multitude of internal organizations tends to be a very
> long process.
Yes, really agree with that.
> 2) In some cases adding new code voids the distro vendor's
> support warranty and you have to pay the distro vendor to
> vet and put your changes via their regression testing.
> Most of these organizations are tied to one or other distro
> vendor and they dont want to mess with the warranty or pay
> extra fees which causes more work for them (a lot of them
> have their own vetting process after the distro vendors vetting).
> I am not sure what the OP's situation is - but what i described
> above is _real_. If there is some extension to existing features like
> skbedit and there is a good use case IMO we should allow for it.
> cheers,
> jamal

Best regards, Tonghao

Powered by blists - more mailing lists