From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Tom Herbert <tom@herbertland.com>
Cc: brouer@redhat.com,
Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: Code quality and XDP
Date: Sat, 8 Oct 2016 06:28:17 +0200 [thread overview]
Message-ID: <20161008062817.45d6ac2b@redhat.com> (raw)
In-Reply-To: <CALx6S37LyR7NGkmxFrP67GVPsyke+BM9eZm0PSw+vQo3+wjSuA@mail.gmail.com>
On Sat, 8 Oct 2016 07:25:01 +0900 Tom Herbert <tom@herbertland.com> wrote:
> One concern raised at netdev concerning XDP is how are we going to
> maintain code quality, security, and correctness of programs being
> loaded. With kernel bypass it is not just the kernel code path that is
> being bypassed, but also the processes that hold the quality of code
> being accepted to a high bar. Our users expect that quality to be
> maintained.
>
> I suggest that we need XDP programs to be subject to the same scrutiny
> that any other kernel netdev code is. One idea is to sign programs
> that have been accepted into the kernel. By default only signed
> programs would be allowed to be loaded, the override to allow unsigned
> programs might be a kernel config or a least a boot parameter
> (enabling the override needs to be very explicit).
Sorry, I think this "lock-down" will kill the DDoS use-case. In the
DDoS mitigation use-case, is all about flexibility to adapt quickly to
changing attacks. Thus, you need the ability to quickly modify your
programs to catch attack signatures.
> The acceptable XDP programs should probably be under their own
> directory. Such a directory should only contain kernel code, not
> userspace code also as is currently in samples/bpf.
>
> A nice side effect of this model is when the same XDP programs are
> being used in non-Linux environments (HW offload, other OSes, etc.)
> the process could maintain quality expections in those environments
> also.
I'm not against having some 'signed' eBPF/XDP programs. If a XDP
programs behavior is well-defined enough, this would also open up for
HW offloading of "programs" that does the same functionality (without
looking at the eBPF code).
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2016-10-08 4:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-07 22:25 Code quality and XDP Tom Herbert
2016-10-08 4:28 ` Jesper Dangaard Brouer [this message]
2016-10-08 19:11 ` Tom Herbert
2016-10-09 13:44 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161008062817.45d6ac2b@redhat.com \
--to=brouer@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=tom@herbertland.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).