From: David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
To: lorenzo-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org
Cc: daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org,
alexei.starovoitov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org,
pablo-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org,
htejun-b10kYP2dOMg@public.gmane.org,
ast-b10kYP2dOMg@public.gmane.org,
kafai-b10kYP2dOMg@public.gmane.org,
fw-HFFVJYpyMKqzQB+pC5nmwQ@public.gmane.org,
harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH v7 0/6] Add eBPF hooks for cgroups
Date: Tue, 01 Nov 2016 11:38:33 -0400 (EDT) [thread overview]
Message-ID: <20161101.113833.983996221243204456.davem@davemloft.net> (raw)
In-Reply-To: <CAKD1Yr02SCHvd-xZJL14d_Ta8Dk4evHZ60zytpU0h4r80FucwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
From: Lorenzo Colitti <lorenzo-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Date: Wed, 2 Nov 2016 00:25:15 +0900
> That way, if you want to modify the packet or do something
> sophisticated in netfilter, you can still use the eBPF hook on the
> results of that operation, and if you don't want to run netfilter, you
> can write netfilter rules to skip the packet (and maybe still fix it
> up later, perhaps in another netfilter chain).
The downside is that we classify the packet twice. This transactional
cost adds up rather quickly.
prev parent reply other threads:[~2016-11-01 15:38 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-25 10:14 [PATCH v7 0/6] Add eBPF hooks for cgroups Daniel Mack
2016-10-25 10:14 ` [PATCH v7 1/6] bpf: add new prog type for cgroup socket filtering Daniel Mack
2016-10-25 10:14 ` [PATCH v7 4/6] net: filter: run cgroup eBPF ingress programs Daniel Mack
[not found] ` <1477390454-12553-1-git-send-email-daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>
2016-10-25 10:14 ` [PATCH v7 2/6] cgroup: add support for eBPF programs Daniel Mack
2016-10-25 10:14 ` [PATCH v7 3/6] bpf: add BPF_PROG_ATTACH and BPF_PROG_DETACH commands Daniel Mack
2016-10-25 10:14 ` [PATCH v7 5/6] net: ipv4, ipv6: run cgroup eBPF egress programs Daniel Mack
2016-10-31 16:40 ` David Miller
[not found] ` <20161031.124003.1361406552151798940.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2016-11-02 1:17 ` Daniel Borkmann
2016-10-25 10:14 ` [PATCH v7 6/6] samples: bpf: add userspace example for attaching eBPF programs to cgroups Daniel Mack
2016-10-26 19:59 ` [PATCH v7 0/6] Add eBPF hooks for cgroups Pablo Neira Ayuso
2016-10-27 3:35 ` Alexei Starovoitov
[not found] ` <20161027033502.GA43960-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-10-28 11:28 ` Pablo Neira Ayuso
2016-10-28 15:00 ` David Ahern
2016-10-29 1:42 ` Alexei Starovoitov
2016-10-27 8:40 ` Daniel Mack
[not found] ` <c9683122-d770-355b-e275-7c446e6d1d0f-cYrQPVfZoowdnm+yROfE0A@public.gmane.org>
2016-10-28 11:53 ` Pablo Neira Ayuso
2016-10-28 12:07 ` Daniel Mack
2016-10-29 3:51 ` Lorenzo Colitti
[not found] ` <CAKD1Yr2aRDNUxX8onReZyURufphxGoSTek=Fjk3Wswq9WOVp4w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 4:51 ` Alexei Starovoitov
[not found] ` <20161029045107.GA61294-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org>
2016-10-29 4:59 ` Lorenzo Colitti
[not found] ` <CAKD1Yr2pMk52h7BdRwTvGwnP5+ONmr4ac6cyUBoZ9P+Kt-B8jw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 6:24 ` Alexei Starovoitov
2016-10-29 15:34 ` Lorenzo Colitti
2016-10-29 20:29 ` Daniel Borkmann
2016-11-01 15:25 ` Lorenzo Colitti
[not found] ` <CAKD1Yr02SCHvd-xZJL14d_Ta8Dk4evHZ60zytpU0h4r80FucwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-01 15:38 ` David Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161101.113833.983996221243204456.davem@davemloft.net \
--to=davem-ft/pcqaiutieiz0/mpfg9q@public.gmane.org \
--cc=alexei.starovoitov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=ast-b10kYP2dOMg@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org \
--cc=daniel-cYrQPVfZoowdnm+yROfE0A@public.gmane.org \
--cc=fw-HFFVJYpyMKqzQB+pC5nmwQ@public.gmane.org \
--cc=harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=htejun-b10kYP2dOMg@public.gmane.org \
--cc=kafai-b10kYP2dOMg@public.gmane.org \
--cc=lorenzo-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=pablo-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org \
--cc=sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).