On Thu, Aug 10, 2023 at 02:29:49PM -0700, Jakub Kicinski wrote: > On Thu, 10 Aug 2023 15:04:27 -0400 Michael S. Tsirkin wrote: > > Another question is that with this userspace can inject > > packets directly into net stack. Should we check CAP_NET_ADMIN > > or such? > > Directly into the stack? I thought VDUSE is vDPA in user space, > meaning to get to the kernel the packet has to first go thru > a virtio-net instance.
yes. is that a sufficient filter in your opinion? > Or you mean directly into the network? _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
