From: Andrii Nakryiko <andrii.nakryiko@gmail.com>
To: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: "Stephen Hemminger" <stephen@networkplumber.org>,
"Hangbin Liu" <haliu@redhat.com>,
"David Ahern" <dsahern@gmail.com>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Alexei Starovoitov" <ast@kernel.org>,
"Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"David Miller" <davem@davemloft.net>,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
"Jiri Benc" <jbenc@redhat.com>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Toke Høiland-Jørgensen" <toke@redhat.com>
Subject: Re: [PATCHv2 iproute2-next 0/5] iproute2: add libbpf support
Date: Thu, 29 Oct 2020 13:30:28 -0700 [thread overview]
Message-ID: <CAEf4BzYZZa7FkQ5F=aKyjyrX2ekU6D67SN_pkCLZ=5tchmWurw@mail.gmail.com> (raw)
In-Reply-To: <20201029123801.4d03ebb5@carbon>
On Thu, Oct 29, 2020 at 4:38 AM Jesper Dangaard Brouer
<brouer@redhat.com> wrote:
>
> On Wed, 28 Oct 2020 19:50:51 -0700
> Andrii Nakryiko <andrii.nakryiko@gmail.com> wrote:
>
> > On Wed, Oct 28, 2020 at 7:34 PM Stephen Hemminger
> > <stephen@networkplumber.org> wrote:
> > >
> > > On Wed, 28 Oct 2020 19:27:20 -0700
> > > Andrii Nakryiko <andrii.nakryiko@gmail.com> wrote:
> > >
> > > > On Wed, Oct 28, 2020 at 7:06 PM Hangbin Liu <haliu@redhat.com> wrote:
> > > > >
> > > > > On Wed, Oct 28, 2020 at 05:02:34PM -0600, David Ahern wrote:
> > > > > > fails to compile on Ubuntu 20.10:
> > > > > >
> [...]
> > > > > You need to update libbpf to latest version.
> > > >
> > > > Why not using libbpf from submodule?
> > >
> > > Because it makes it harder for people downloading tarballs and distributions.
> >
> > Genuinely curious, making harder how exactly? When packaging sources
> > as a tarball you'd check out submodules before packaging, right?
> >
> > > Iproute2 has worked well by being standalone.
> >
> > Again, maybe I'm missing something, but what makes it not a
> > standalone, if it is using a submodule? Pahole, for instance, is using
> > libbpf through submodule and just bypasses all the problems with
> > detection of features and library availability. I haven't heard anyone
> > complaining about it made working with pahole harder in any way.
>
> I do believe you are missing something.
I don't think I got an answer how submodules make it harder for people
downloading tarballs and distributions, and the standalone-ness issue.
Your security angle is a very different aspect.
> I guess I can be the relay for
> complains, so you will officially hear about this. Red Hat and Fedora
> security is complaining that we are packaging a library (libbpf)
> directly into the individual packages. They complain because in case
> of a security issue, they have to figure out to rebuild all the software
> packages that are statically compiled with this library.
They must be having nightmares already about BCC, bpftool, pahole, as
well as perf built with libbpf statically (perf on my server is, at
least). I also wonder how many other projects do use either submodules
or static linking with libraries as well.
>
> Maybe you say I don't care that Distro security teams have to do more
> work and update more packages. Then security team says, we expect
> customers will use this library right, and if we ship it as a dynamic
> loadable (.so) file, then we can update and fix security issues in
> library without asking customers to recompile. (Notice the same story
> goes if we can update the base-image used by a container).
It's a trade off, and everyone decides for themselves where they want
to stand on this.
On the one hand, there are security folks obsessing about hypothetical
security vulnerabilities in libbpf so bad that they will need to
update libbpf overnight.
On the other hand, extra complexity for multiple users of libbpf to do
feature detection and working around the lack of some of the APIs in
libbpf due to older versions in the system. That extra complexity
might lead to more problems, bugs, vulnerabilities in the long run.
I understand the concerns and how dynamic libraries make it easier. We
can't really know for sure which of those two aspects would lead to
more pain and problems overall. I personally choose simplicity,
though.
But as I said, it's up to iproute2 folks to decide. Was just curious
about some of the claims I cited.
>
>
> --
> Best regards,
> Jesper Dangaard Brouer
> MSc.CS, Principal Kernel Engineer at Red Hat
> LinkedIn: http://www.linkedin.com/in/brouer
>
next prev parent reply other threads:[~2020-10-29 20:30 UTC|newest]
Thread overview: 167+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-23 3:38 [PATCH iproute2-next 0/5] iproute2: add libbpf support Hangbin Liu
2020-10-23 3:38 ` [PATCH iproute2-next 1/5] configure: add check_libbpf() for later " Hangbin Liu
2020-10-23 3:38 ` [PATCH iproute2-next 2/5] lib: rename bpf.c to bpf_legacy.c Hangbin Liu
2020-10-23 3:38 ` [PATCH iproute2-next 3/5] lib: add libbpf support Hangbin Liu
2020-10-23 14:34 ` David Ahern
2020-10-25 15:13 ` Toke Høiland-Jørgensen
2020-10-25 22:12 ` David Ahern
2020-10-26 8:56 ` Hangbin Liu
2020-10-26 15:15 ` David Ahern
2020-10-27 2:58 ` Hangbin Liu
2020-10-24 0:21 ` Andrii Nakryiko
2020-10-25 15:11 ` Toke Høiland-Jørgensen
2020-10-26 8:10 ` Hangbin Liu
2020-10-23 3:38 ` [PATCH iproute2-next 4/5] examples/bpf: move struct bpf_elf_map defined maps to legacy folder Hangbin Liu
2020-10-23 3:38 ` [PATCH iproute2-next 5/5] examples/bpf: add bpf examples with BTF defined maps Hangbin Liu
2020-10-28 13:25 ` [PATCHv2 iproute2-next 0/5] iproute2: add libbpf support Hangbin Liu
2020-10-28 13:25 ` [PATCHv2 iproute2-next 1/5] configure: add check_libbpf() for later " Hangbin Liu
2020-10-28 13:25 ` [PATCHv2 iproute2-next 2/5] lib: rename bpf.c to bpf_legacy.c Hangbin Liu
2020-10-28 13:25 ` [PATCHv2 iproute2-next 3/5] lib: add libbpf support Hangbin Liu
2020-10-28 13:25 ` [PATCHv2 iproute2-next 4/5] examples/bpf: move struct bpf_elf_map defined maps to legacy folder Hangbin Liu
2020-10-28 13:25 ` [PATCHv2 iproute2-next 5/5] examples/bpf: add bpf examples with BTF defined maps Hangbin Liu
2020-10-28 21:17 ` [PATCHv2 iproute2-next 0/5] iproute2: add libbpf support Alexei Starovoitov
2020-10-28 23:02 ` David Ahern
2020-10-29 2:06 ` Hangbin Liu
2020-10-29 2:20 ` David Ahern
2020-10-29 2:45 ` Hangbin Liu
2020-10-29 3:00 ` David Ahern
2020-10-29 3:17 ` Hangbin Liu
2020-10-29 10:26 ` Hangbin Liu
2020-10-29 10:51 ` Toke Høiland-Jørgensen
2020-10-29 2:27 ` Andrii Nakryiko
2020-10-29 2:33 ` David Ahern
2020-10-29 2:46 ` Andrii Nakryiko
2020-10-29 2:34 ` Stephen Hemminger
2020-10-29 2:50 ` Andrii Nakryiko
2020-10-29 11:38 ` Jesper Dangaard Brouer
2020-10-29 20:30 ` Andrii Nakryiko [this message]
2020-10-29 2:33 ` Stephen Hemminger
2020-10-29 15:11 ` [PATCHv3 " Hangbin Liu
2020-10-29 15:11 ` [PATCHv3 iproute2-next 1/5] configure: add check_libbpf() for later " Hangbin Liu
2020-10-29 15:26 ` Toke Høiland-Jørgensen
2020-11-02 15:37 ` David Ahern
2020-11-03 5:54 ` Hangbin Liu
2020-11-03 17:32 ` David Ahern
2020-11-04 8:51 ` Hangbin Liu
2020-11-04 11:09 ` Toke Høiland-Jørgensen
2020-11-04 11:40 ` Hangbin Liu
2020-10-29 15:11 ` [PATCHv3 iproute2-next 2/5] lib: rename bpf.c to bpf_legacy.c Hangbin Liu
2020-10-29 15:11 ` [PATCHv3 iproute2-next 3/5] lib: add libbpf support Hangbin Liu
2020-11-02 15:41 ` David Ahern
2020-11-03 5:48 ` Hangbin Liu
2020-11-03 17:19 ` David Ahern
2020-11-04 8:22 ` Hangbin Liu
2020-11-05 2:33 ` David Ahern
2020-11-05 7:51 ` Hangbin Liu
2020-11-05 15:25 ` David Ahern
2020-11-05 15:57 ` Toke Høiland-Jørgensen
2020-11-05 16:02 ` David Ahern
2020-11-06 0:56 ` Hangbin Liu
2020-11-06 0:41 ` Hangbin Liu
2020-10-29 15:11 ` [PATCHv3 iproute2-next 4/5] examples/bpf: move struct bpf_elf_map defined maps to legacy folder Hangbin Liu
2020-10-29 15:11 ` [PATCHv3 iproute2-next 5/5] examples/bpf: add bpf examples with BTF defined maps Hangbin Liu
2020-11-02 15:47 ` [PATCHv3 iproute2-next 0/5] iproute2: add libbpf support David Ahern
2020-11-03 6:58 ` Andrii Nakryiko
2020-11-03 8:42 ` Jiri Benc
2020-11-03 17:45 ` David Ahern
2020-11-03 17:48 ` Alexei Starovoitov
2020-11-03 8:46 ` Daniel Borkmann
2020-11-03 17:35 ` David Ahern
2020-11-03 17:47 ` Alexei Starovoitov
2020-11-03 18:23 ` Stephen Hemminger
2020-11-03 22:32 ` David Ahern
2020-11-03 22:55 ` Alexei Starovoitov
2020-11-04 1:40 ` David Ahern
2020-11-04 2:45 ` Alexei Starovoitov
2020-11-04 9:28 ` Jiri Benc
2020-11-05 2:39 ` David Ahern
2020-11-04 2:17 ` Hangbin Liu
2020-11-04 3:11 ` Alexei Starovoitov
2020-11-04 10:01 ` Jiri Benc
2020-11-04 10:21 ` Daniel Borkmann
2020-11-04 11:20 ` Toke Høiland-Jørgensen
2020-11-04 13:12 ` Daniel Borkmann
2020-11-04 19:17 ` Jakub Kicinski
2020-11-04 20:43 ` Andrii Nakryiko
2020-11-04 22:24 ` Toke Høiland-Jørgensen
2020-11-05 20:14 ` Andrii Nakryiko
2020-11-05 3:48 ` David Ahern
2020-11-05 20:53 ` Andrii Nakryiko
2020-11-05 3:19 ` David Ahern
2020-11-05 14:05 ` Jamal Hadi Salim
2020-11-05 21:01 ` Andrii Nakryiko
2020-11-06 15:27 ` Jamal Hadi Salim
2020-11-06 21:25 ` Andrii Nakryiko
2020-11-10 12:47 ` Edward Cree
2020-11-11 0:53 ` Alexei Starovoitov
2020-11-11 11:31 ` Edward Cree
2020-11-11 18:08 ` Alexei Starovoitov
2020-11-05 20:45 ` Andrii Nakryiko
2020-11-06 9:00 ` Jiri Benc
2020-11-06 21:07 ` Andrii Nakryiko
2020-11-04 21:15 ` Edward Cree
2020-11-04 22:10 ` Alexei Starovoitov
2020-11-04 22:35 ` Toke Høiland-Jørgensen
2020-11-04 23:05 ` Edward Cree
2020-11-05 20:19 ` Andrii Nakryiko
2020-11-06 8:44 ` Jiri Benc
2020-11-06 20:57 ` Andrii Nakryiko
2020-11-06 21:04 ` Alexei Starovoitov
2020-11-06 23:25 ` Stephen Hemminger
2020-11-06 23:30 ` Andrii Nakryiko
2020-11-07 0:41 ` Stephen Hemminger
2020-11-07 1:07 ` Andrii Nakryiko
2020-11-06 23:38 ` David Ahern
2020-11-09 1:45 ` Alexei Starovoitov
2020-11-10 4:09 ` David Ahern
2020-11-11 0:47 ` Alexei Starovoitov
2020-11-11 11:02 ` Toke Høiland-Jørgensen
2020-11-11 15:06 ` Daniel Borkmann
2020-11-11 16:33 ` David Ahern
2020-11-12 22:36 ` Toke Høiland-Jørgensen
2020-11-12 23:20 ` Daniel Borkmann
2020-11-13 0:04 ` Stephen Hemminger
2020-11-13 0:40 ` Alexei Starovoitov
2020-11-13 3:55 ` David Ahern
2020-11-09 7:07 ` [PATCHv4 " Hangbin Liu
2020-11-09 7:07 ` [PATCHv4 iproute2-next 1/5] configure: add check_libbpf() for later " Hangbin Liu
2020-11-14 3:26 ` David Ahern
2020-11-16 4:30 ` Hangbin Liu
2020-11-16 4:33 ` David Ahern
2020-11-09 7:07 ` [PATCHv4 iproute2-next 2/5] lib: rename bpf.c to bpf_legacy.c Hangbin Liu
2020-11-14 3:24 ` David Ahern
2020-11-16 3:55 ` Hangbin Liu
2020-11-09 7:08 ` [PATCHv4 iproute2-next 3/5] lib: add libbpf support Hangbin Liu
2020-11-09 7:08 ` [PATCHv4 iproute2-next 4/5] examples/bpf: move struct bpf_elf_map defined maps to legacy folder Hangbin Liu
2020-11-09 7:08 ` [PATCHv4 iproute2-next 5/5] examples/bpf: add bpf examples with BTF defined maps Hangbin Liu
2020-11-16 6:53 ` [PATCHv5 iproute2-next 0/5] iproute2: add libbpf support Hangbin Liu
2020-11-16 6:53 ` [PATCHv5 iproute2-next 1/5] configure: add check_libbpf() for later " Hangbin Liu
2020-11-16 6:53 ` [PATCHv5 iproute2-next 2/5] lib: rename bpf.c to bpf_legacy.c Hangbin Liu
2020-11-16 6:53 ` [PATCHv5 iproute2-next 3/5] lib: add libbpf support Hangbin Liu
2020-11-16 6:53 ` [PATCHv5 iproute2-next 4/5] examples/bpf: move struct bpf_elf_map defined maps to legacy folder Hangbin Liu
2020-11-16 6:53 ` [PATCHv5 iproute2-next 5/5] examples/bpf: add bpf examples with BTF defined maps Hangbin Liu
2020-11-16 7:19 ` [PATCHv5 iproute2-next 0/5] iproute2: add libbpf support Alexei Starovoitov
2020-11-16 14:54 ` Jesper Dangaard Brouer
2020-11-16 23:29 ` Toke Høiland-Jørgensen
2020-11-17 2:37 ` Alexei Starovoitov
2020-11-17 3:19 ` Hangbin Liu
2020-11-17 18:27 ` Alexei Starovoitov
2020-11-17 11:56 ` Edward Cree
2020-11-17 3:38 ` David Ahern
2020-11-17 18:19 ` Alexei Starovoitov
2020-11-16 16:45 ` Stephen Hemminger
2020-11-23 13:11 ` [PATCHv6 " Hangbin Liu
2020-11-23 13:11 ` [PATCHv6 iproute2-next 1/5] iproute2: add check_libbpf() and get_libbpf_version() Hangbin Liu
2020-11-23 13:11 ` [PATCHv6 iproute2-next 2/5] lib: make ipvrf able to use libbpf and fix function name conflicts Hangbin Liu
2020-11-23 13:11 ` [PATCHv6 iproute2-next 3/5] lib: add libbpf support Hangbin Liu
2020-11-23 13:12 ` [PATCHv6 iproute2-next 4/5] examples/bpf: move struct bpf_elf_map defined maps to legacy folder Hangbin Liu
2020-11-23 13:12 ` [PATCHv6 iproute2-next 5/5] examples/bpf: add bpf examples with BTF defined maps Hangbin Liu
2020-11-25 5:28 ` [PATCHv6 iproute2-next 0/5] iproute2: add libbpf support David Ahern
2020-11-25 5:30 ` patchwork-bot+netdevbpf
2020-11-29 6:16 ` [PATCH " Stephen Hemminger
2020-11-29 6:22 ` Greg KH
2020-11-30 11:39 ` Michal Kubecek
2020-11-29 17:33 ` Alexei Starovoitov
2020-11-29 19:41 ` David Ahern
2020-11-30 11:04 ` Toke Høiland-Jørgensen
2020-12-01 14:22 ` Jesper Dangaard Brouer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEf4BzYZZa7FkQ5F=aKyjyrX2ekU6D67SN_pkCLZ=5tchmWurw@mail.gmail.com' \
--to=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=haliu@redhat.com \
--cc=jbenc@redhat.com \
--cc=kafai@fb.com \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=stephen@networkplumber.org \
--cc=toke@redhat.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).