On 11/20/2018 06:40 PM, Alexei Starovoitov wrote: > > looks good to me. > > Any particular reason you decided to disable it for cg_skb ? > It seems to me the same EDT approach will work from > cgroup-bpf skb hooks just as well and then we can have neat > way of controlling traffic per-container instead of tc-clsbpf global. > If you're already on cgroup v2 it will save you a lot of classifier > cycles, since you'd be able to group apps by cgroup > instead of relying on ip only. Vlad first wrote a complete version, but we felt explaining the _why_ was probably harder. No particular reason, other than having to write more tests perhaps.
- [PATCH bpf-next] bpf: add read/write access to skb->... Vlad Dumitrescu
- Re: [PATCH bpf-next] bpf: add read/write access to... Eric Dumazet
- Re: [PATCH bpf-next] bpf: add read/write acces... Willem de Bruijn
- Re: [PATCH bpf-next] bpf: add read/write access to... Alexei Starovoitov
- Re: [PATCH bpf-next] bpf: add read/write acces... Eric Dumazet
- Re: [PATCH bpf-next] bpf: add read/write a... Vlad Dumitrescu
- Re: [PATCH bpf-next] bpf: add read/wri... Alexei Starovoitov
- Re: [PATCH bpf-next] bpf: add read/wri... Daniel Borkmann
- [PATCH v2 bpf-next] bpf: add skb->tstamp r/w ac... Vlad Dumitrescu
- Re: [PATCH v2 bpf-next] bpf: add skb->tstam... Alexei Starovoitov
