From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: Re: [PATCH v5 0/6] Add eBPF hooks for cgroups Date: Wed, 14 Sep 2016 12:30:38 +0200 Message-ID: <20160914103038.GA910@salvia> References: <1473696735-11269-1-git-send-email-daniel@zonque.org> <20160913115627.GA4898@salvia> <20160913172408.GC6138@salvia> <20160914044217.GA44742@ast-mbp.thefacebook.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Daniel Mack , htejun-b10kYP2dOMg@public.gmane.org, daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org, ast-b10kYP2dOMg@public.gmane.org, davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org, kafai-b10kYP2dOMg@public.gmane.org, fw-HFFVJYpyMKqzQB+pC5nmwQ@public.gmane.org, harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org, cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Alexei Starovoitov Return-path: Content-Disposition: inline In-Reply-To: <20160914044217.GA44742-+o4/htvd0TDFYCXBM6kdu7fOX0fSgVTm@public.gmane.org> Sender: cgroups-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: netdev.vger.kernel.org On Tue, Sep 13, 2016 at 09:42:19PM -0700, Alexei Starovoitov wrote: [...] > For us this cgroup+bpf is _not_ for filterting and _not_ for security. If your goal is monitoring, then convert these hooks not to allow to issue a verdict on the packet, so this becomes inoquous in the same fashion as the tracing infrastructure. [...] > I'd really love to have an alternative to bpf for such tasks, > but you seem to spend all the energy arguing against bpf whereas > nft still has a lot to be desired. Please Alexei, stop that FUD. Anyone that has spent just one day using the bpf tooling and infrastructure knows you have problems to resolve...