On Tue, Sep 13, 2016 at 09:42:19PM -0700, Alexei Starovoitov wrote:
[...]
> For us this cgroup+bpf is _not_ for filtering and _not_ for security.

If your goal is monitoring, then convert these hooks not to allow to
issue a verdict on the packet, so this becomes innocuous in the same
fashion as the tracing infrastructure.

[...]
> I'd really love to have an alternative to bpf for such tasks,
> but you seem to spend all the energy arguing against bpf whereas
> nft still has a lot to be desired.

Please Alexei, stop that FUD. Anyone that has spent just one day using
the bpf tooling and infrastructure knows you have problems to resolve...