Mahé Tardy led two sessions about some of the challenges that he, Kornilios Kourtis,
and John Fastabend have run into in their work on
Tetragon (Apache-licensed BPF-based security monitoring software)
at the Linux Storage, Filesystem, Memory Management, and BPF Summit. The session
prompted discussion about the feasibility of letting BPF programs
send data over the network, as well as potential new kfuncs to let BPF firewalls
send TCP reset packets. Tardy presented several possible ways that these could be accomplished.
https://lwn.net/Articles/1022034/
--- SBBSecho 3.25-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)