Re: BPF_MISC+BPF_COP and BPF_COPX

To: Matt Thomas <matt%3am-software.com@localhost>
Subject: Re: BPF_MISC+BPF_COP and BPF_COPX
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Sun, 11 Aug 2013 17:33:17 +1000

On 10/08/2013 7:23 AM, Matt Thomas wrote:
> ...
> The possibility of the COP/COPX functions doing bad things is over wrought. 
> It makes the assumption of avoiding BPF and then coding everything is safer 
> than using BPF and COP/COPX functions. 

Depends on what you mean by "bad things."

Thus far I haven't seen a proper problem statement, only this:

> The problem is simple: I want a generic mechanism to offload more complex
> packet inspection operations, e.g. lookup IP address in some container or
> walk IPv6 headers and return some offsets.

IMHO, the IPv6 problem is and will be common enough to deserve its own
instructionas happened with IPv4 and determining the offset of the first
byte after the IPv4 header.

But the generic offload problem hasn't been explained nearly enough.

Is it required for NPF?
Is it required for tcpdump?
Is it required for dhcpd?
...

I don't think we know nearly enough about what the problem is in order
to be able to judge whether or not the solution is acceptable.

Darren

References:
- BPF_MISC+BPF_COP and BPF_COPX
  - From: Mindaugas Rasiukevicius
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Darren Reed
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Mindaugas Rasiukevicius
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Darren Reed
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Steven Bellovin
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Mindaugas Rasiukevicius
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Thor Lancelot Simon
- Re: BPF_MISC+BPF_COP and BPF_COPX
  - From: Matt Thomas

Prev by Date: pf rdr problems?
Next by Date: Network stress testing tools
Previous by Thread: Re: BPF_MISC+BPF_COP and BPF_COPX
Next by Thread: Re: BPF_MISC+BPF_COP and BPF_COPX
Indexes:

Home | Main Index | Thread Index | Old Index