lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 5 Feb 2022 15:25:52 +0800
From:   Tonghao Zhang <xiangxia.m.yue@...il.com>
To:     Jamal Hadi Salim <jhs@...atatu.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Cong Wang <xiyou.wangcong@...il.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        Jiri Pirko <jiri@...nulli.us>,
        "David S. Miller" <davem@...emloft.net>,
        Jonathan Lemon <jonathan.lemon@...il.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Alexander Lobakin <alobakin@...me>,
        Paolo Abeni <pabeni@...hat.com>,
        Talal Ahmad <talalahmad@...gle.com>,
        Kevin Hao <haokexin@...il.com>,
        Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Kees Cook <keescook@...omium.org>,
        Kumar Kartikeya Dwivedi <memxor@...il.com>,
        Antoine Tenart <atenart@...nel.org>,
        Wei Wang <weiwan@...gle.com>, Arnd Bergmann <arnd@...db.de>
Subject: Re: [net-next v8 2/2] net: sched: support hash/classid/cpuid
 selecting tx queue

On Mon, Jan 31, 2022 at 9:12 PM Jamal Hadi Salim <jhs@...atatu.com> wrote:
>
> On 2022-01-26 14:52, Cong Wang wrote:
> > You really should just use eBPF, with eBPF code you don't even need
> > to send anything to upstream, you can do whatever you want without
> > arguing with anyone. It is a win-win.
>
> Cong,
>
> This doesnt work in some environments. Example:
>
> 1) Some data centres (telco large and medium sized enteprises that
> i have personally encountered) dont allow for anything that requires
> compilation to be introduced (including ebpf).
> They depend on upstream - if something is already in the kernel and
> requires a script it becomes an operational issue which is a simpler
> process.
> This is unlike large organizations who have staff of developers
> dedicated to coding stuff. Most of the folks i am talking about
> have zero developers in house. But even if they did have a few,
> introducing code into the kernel that has to be vetted by a
> multitude of internal organizations tends to be a very
> long process.
Yes, really agree with that.
> 2) In some cases adding new code voids the distro vendor's
> support warranty and you have to pay the distro vendor to
> vet and put your changes via their regression testing.
> Most of these organizations are tied to one or other distro
> vendor and they dont want to mess with the warranty or pay
> extra fees which causes more work for them (a lot of them
> have their own vetting process after the distro vendors vetting).
>
> I am not sure what the OP's situation is - but what i described
> above is _real_. If there is some extension to existing features like
> skbedit and there is a good use case IMO we should allow for it.
>
> cheers,
> jamal



-- 
Best regards, Tonghao

Powered by blists - more mailing lists