From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Tue, 20 Feb 2018 11:44:31 +0100

> * Lack of sufficient abstraction: bpf is not only exposing its own
>   software bugs through its interface, but it will also bite the dust
>   with CPU bugs due to lack of glue code to hide details behind the
>   syscall interface curtain. That will need a kernel upgrade after all to
>   fix, so all benefits of adding new programs. We've even seen claims on
>   performance being more important than security in this mailing list.
>   Don't get me wrong, no software is safe from security issues, but if you
>   don't abstract your resources in the right way, you have more chance to
>   have experience more problems.

I find it surprising that the person who didn't even know that
generating classical BPF was not appropriate in his patches is
suddenly a complete expert on eBPF and all of its shortcomings.

Pablo, I am sincerely very disappointed in you, and if you continue to
attack eBPF in such an ignorant way going forward we will have a very
hard time taking you seriously at all.

Thank you.