On Wednesday, August 16, 2023 4:46 PM Stephen Hemminger <step...@networkplumber.org> wrote:
> On Wed, 16 Aug 2023 15:25:52 +0200 > Mykola Kostenok <mko-...@napatech.com> wrote: > > > From: Christian Koue Muf <c...@napatech.com> > > > > The socket connection is used by Napatech's tools for monitoring and > > rte_flow programming from other processes. > > > > Signed-off-by: Christian Koue Muf <c...@napatech.com> > > Reviewed-by: Mykola Kostenok <mko-...@napatech.com> > > I would prefer that this be general and work with other PMD's. > Why is existing telemetry model not good enough? The existing telemetry is good enough in many cases. The problems arise in multi-container environments. The design of Napatech's adapters is that they only have 1 PF, which is owned by a single process in a single container. Other containers will only have access to VFs, which do not provide any metrics. The ntconnect socket will allow remote applications to access data from the application that owns the PF. I understand your concerns for security. My suggestion would be to disable the code using meson.build config by default.
