Yes. But where do you place that bpf code? Where will it run? What packets will it monitor?
eBPF is run in a virtual machine _in_the_kernel_. So a "VM using SR-IOV" bypasses this, also. Your monitor must be running in each guest VM, or you must NOT allow SR-IOV - that bypasses the host's kernel - even the host supervisor! - too! 2018. október 4., csütörtök 14:22:49 UTC+2 időpontban Hemant Singh a következőt írta: > Right. However, if a VM is using SR-IOV which connects the VM directly to > the NIC, the kernel is bypassed. Since sending my email, I also found a > packet filter in golang: > > https://godoc.org/golang.org/x/net/bpf > > I have tested the above code yet. > > Thanks, > > Hemant > > On Thursday, October 4, 2018 at 12:22:11 AM UTC-4, Tamás Gulácsi wrote: >> >> If your metering runs in the same (virtual) machine as the metered >> processes, the kernel sees the packets, so ebpf is the fastest. >> >> If you run in different machines, or the virtualization skips the host, >> then you cannot catch the packets. >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
