lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <87edww3zz1.fsf@toke.dk> Date: Wed, 31 Aug 2022 22:44:18 +0200 From: Toke Høiland-Jørgensen <toke@...nel.org> To: Florian Westphal <fw@...len.de> Cc: netfilter-devel@...r.kernel.org, bpf@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH nf-next] netfilter: nf_tables: add ebpf expression > But, all things considered, what about this: > > I'll respin, with the FILENAME attribute removed, so user says > 'ebpf pinned bla', and on listing nft walks /sys/bpf/nft/ to see if > it can find the name again. > > If it can't find it, print the id instead. > > This would mean nft would also have to understand > 'ebpf id 12' on input, but I think thats fine. We can document that > this is not the preferred method due to the difficulty of determining > the correct id to use. > > With this, no 'extra' userspace-sake info needs to be stored. > We can revisit what do with 'ebpf file /bla/foo.o' once/if that gets > added. > > What do you think? > Will take a while because I'll need to extend the nft side first to cope > with lack of 'FILENAME' attribute. To the extend it's still relevant, yeah, this seems like a reasonable plan to me :) -Toke
Powered by blists - more mailing lists