On Tue, 01 Jun 2021 17:22:51 -0700 John Fastabend wrote:
> > If we do this, the BPF program obviously needs to know which fields are
> > valid and which are not. AFAICT you're proposing that this should be
> > done out-of-band (i.e., by the system administrator manually ensuring
> > BPF program config fits system config)? I think there are a couple of
> > problems with this:
> >
> > - It requires the system admin to coordinate device config with all of
> >   their installed XDP applications. This is error-prone, especially as
> >   the number of applications grows (say if different containers have
> >   different XDP programs installed on their virtual devices).
>
> A complete "system" will need to be coherent. If I forward into a veth
> device the orchestration component needs to ensure the program sending
> bits there is using the same format the program installed there expects.
>
> If I tailcall/fentry into another program, the callee and caller need
> to agree on the metadata protocol.
>
> I don't see any way around this. Someone has to manage the network.

FWIW I'd like to +1 Toke's concerns. In large deployments there won't be
a single arbiter. Saying there is seems to contradict BPF maintainers'
previous stand which led to the addition of bpf_links for XDP.

In practical terms a person rolling out an NTP config change may not be
aware that in some part of the network some BPF program expects the
descriptor not to contain time stamps.

Besides, features may depend on or conflict with each other, so the
effects of feature changes may not be obvious across multiple drivers in
a heterogeneous environment.

IMO guarding from obvious mis-configuration provides obvious value.