On 2018-10-11 2:44 p.m., David Ahern wrote:
On 10/11/18 12:05 PM, Jamal Hadi Salim wrote:
On 2018-10-11 1:04 p.m., David Ahern wrote:
I meant the general API of users passing filter arguments as attributes
to the dump (or values in the header) -- KIND, MASTER, device index,
etc. This is an e
From: Sowmini Varadhan
Date: Thu, 11 Oct 2018 15:32:48 -0400
> Without getting into Ahern's patchset, which he obviously feels
> quite passionately about..
>
> On (10/11/18 12:28), David Miller wrote:
>>
>> Once you've composed the message, the whole point of filtering is lost.
>
> it would b
Without getting into Ahern's patchset, which he obviously feels
quite passionately about..
On (10/11/18 12:28), David Miller wrote:
>
> Once you've composed the message, the whole point of filtering is lost.
it would be nice to apply the filter *before* constructing the skb,
but afaict most
From: David Ahern
Date: Thu, 11 Oct 2018 12:44:49 -0600
> I disagree with your overall premise of bpf the end-all hammer. It is a
> tool but not the only tool. For starters, you are proposing building the
> message, run the filter on it, and potentially back the message up to
> drop the recently
On 10/11/18 12:05 PM, Jamal Hadi Salim wrote:
> On 2018-10-11 1:04 p.m., David Ahern wrote:
>
>> You can already filter link dumps by kind. How? By passing in the KIND
>> attribute on a dump request. This type of filtering exists for link
>> dumps, neighbor dumps, fdb dumps. Why is there a push to
On 2018-10-11 1:04 p.m., David Ahern wrote:
You can already filter link dumps by kind. How? By passing in the KIND
attribute on a dump request. This type of filtering exists for link
dumps, neighbor dumps, fdb dumps. Why is there a push to make route
dumps different? Why can't they be consistent
On 10/11/18 10:46 AM, Jamal Hadi Salim wrote:
> On 2018-10-11 12:16 p.m., David Ahern wrote:
>
> Yes, you can do it with cBPF but some complexity may occur. Example:
> if i was interested to netdevice events of "kind = vxlan &&
> admin flag is down" then that is non trivial to do with classical bu
On 2018-10-11 12:16 p.m., David Ahern wrote:
IMO, bpf at the fill_info stage is not appropriate.
Somewhere before the skb is formed (and nlmsg is built).
If you go as far as constructing it, then cBPF per what
Sowmini should work; but there will be constructs which
are trickier.
skb->sk
On (10/11/18 09:33), Roopa Prabhu wrote:
> 3. All networking subsystems already have this type of netlink
> attribute filtering that apps rely on. This series
> just makes it consistent for route dumps. Apps use such mechanism
> already when requesting dumps.
> Like everywhere else, BPF hook can be
On Thu, Oct 11, 2018 at 9:16 AM David Ahern wrote:
>
> On 10/11/18 10:07 AM, Jamal Hadi Salim wrote:
> > On 2018-10-11 11:46 a.m., Sowmini Varadhan wrote:
> >> On (10/11/18 08:26), Stephen Hemminger wrote:
> >>> You can do the something like this already with BPF socket filters.
> >>> But writing
On 10/11/18 10:07 AM, Jamal Hadi Salim wrote:
> On 2018-10-11 11:46 a.m., Sowmini Varadhan wrote:
>> On (10/11/18 08:26), Stephen Hemminger wrote:
>>> You can do the something like this already with BPF socket filters.
>>> But writing BPF for multi-part messages is hard.
>>
>> Indeed. And I was jus
On 10/11/18 10:10 AM, Sowmini Varadhan wrote:
> On (10/11/18 09:32), David Ahern wrote:
>>
>> Route dumps are done for the entire FIB for each address family. As we
>> approach internet routing tables (700k+ routes for IPv4, currently
>> around 55k for IPv6) with many VRFs dumping the entire table
On (10/11/18 09:32), David Ahern wrote:
>
> Route dumps are done for the entire FIB for each address family. As we
> approach internet routing tables (700k+ routes for IPv4, currently
> around 55k for IPv6) with many VRFs dumping the entire table is grossly
> inefficient when for example only a si
On 2018-10-11 11:46 a.m., Sowmini Varadhan wrote:
On (10/11/18 08:26), Stephen Hemminger wrote:
You can do the something like this already with BPF socket filters.
But writing BPF for multi-part messages is hard.
Indeed. And I was just experimenting with this for ARP just last week.
So to hand
On (10/11/18 08:26), Stephen Hemminger wrote:
> You can do the something like this already with BPF socket filters.
> But writing BPF for multi-part messages is hard.
Indeed. And I was just experimenting with this for ARP just last week.
So to handle the caes of "ip neigh show a.b.c.d" without wal
On 10/11/18 9:26 AM, Stephen Hemminger wrote:
>>
>
> You can do the something like this already with BPF socket filters.
> But writing BPF for multi-part messages is hard.
>
> Maybe a generic eBPF filter mechanism would be more flexible?
>
That exists today and does not cover what is needed her
On Thu, 11 Oct 2018 08:06:18 -0700
David Ahern wrote:
> From: David Ahern
>
> Implement kernel side filtering of route dumps by protocol (e.g., which
> routing daemon installed the route), route type (e.g., unicast), table
> id and nexthop device.
>
> iproute2 has been doing this filtering in
From: David Ahern
Implement kernel side filtering of route dumps by protocol (e.g., which
routing daemon installed the route), route type (e.g., unicast), table
id and nexthop device.
iproute2 has been doing this filtering in userspace for years; pushing
the filters to the kernel side reduces th
18 matches
Mail list logo
