From: Quentin Deslandes <qde@naccy.de>
To: Chethan Suresh <chethan.suresh@sony.com>
Cc: <quentin@isovalent.com>, <bpf@vger.kernel.org>,
Kenta Tada <Kenta.Tada@sony.com>
Subject: Re: [PATCH bpf-next] bpftool: disable bpfilter kernel config checks
Date: Fri, 27 Jan 2023 12:17:37 +0100 [thread overview]
Message-ID: <20230127111737.uxvmfiauusr3jmw2@dev-bpfilter1> (raw)
In-Reply-To: <20230125025516.5603-1-chethan.suresh@sony.com>
On Wed, Jan 25, 2023 at 08:25:16AM +0530, Chethan Suresh wrote:
> We've experienced similar issues about bpfilter like below:
> https://github.com/moby/moby/issues/43755
> https://lore.kernel.org/bpf/CAADnVQJ5MxGkq=ng214aYoH-NmZ1gjoS=ZTY1eU-Fag4RwZjdg@mail.gmail.com/
>
> Considering the current development status of bpfilter,
> disable bpfilter kernel config checks in bpftool feature.
> For production system, we should disable both
> CONFIG_BPFILTER and CONFIG_BPFILTER_UMH for now.
> Or can be enabled as some tools depend on bpfilter.
>
> Signed-off-by: Chethan Suresh <chethan.suresh@sony.com>
> Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
> ---
> tools/bpf/bpftool/feature.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
> index 36cf0f1517c9..c6087bbc6613 100644
> --- a/tools/bpf/bpftool/feature.c
> +++ b/tools/bpf/bpftool/feature.c
> @@ -426,10 +426,6 @@ static void probe_kernel_image_config(const char *define_prefix)
> { "CONFIG_BPF_STREAM_PARSER", },
> /* xt_bpf module for passing BPF programs to netfilter */
> { "CONFIG_NETFILTER_XT_MATCH_BPF", },
> - /* bpfilter back-end for iptables */
> - { "CONFIG_BPFILTER", },
> - /* bpftilter module with "user mode helper" */
> - { "CONFIG_BPFILTER_UMH", },
>
> /* test_bpf module for BPF tests */
> { "CONFIG_TEST_BPF", },
> --
> 2.17.1
>
While I don't think this check is effectively needed in bpftool
regarding bpfilter's current state, I don't see how it's related to the
issues you're linking.
The GitHub issue you're linking is due to CONFIG_BPFILTER being enabled
on a kernel, with no related to bpftool.
Regards,
Quentin
next prev parent reply other threads:[~2023-01-27 11:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 2:55 [PATCH bpf-next] bpftool: disable bpfilter kernel config checks Chethan Suresh
2023-01-25 10:33 ` Quentin Monnet
2023-01-25 17:57 ` Daniel Borkmann
2023-01-27 11:17 ` Quentin Deslandes [this message]
2023-02-01 15:21 ` Quentin Deslandes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230127111737.uxvmfiauusr3jmw2@dev-bpfilter1 \
--to=qde@naccy.de \
--cc=Kenta.Tada@sony.com \
--cc=bpf@vger.kernel.org \
--cc=chethan.suresh@sony.com \
--cc=quentin@isovalent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox