Re: [PATCH RFC bpf-next 0/6] bpf: introduce cgroup-bpf bind, connect, post-bind hooks

On Wed, Mar 14, 2018 at 10:22:03AM -0700, Mahesh Bandewar (महेश बंडेवार) wrote: > On Tue, Mar 13, 2018 at 8:39 PM, Alexei Starovoitov wrote: > > For our container management we've been using complicated and fragile setup > > consisting of LD_PRELOAD wrapper intercepting bind and

Re: [PATCH RFC bpf-next 0/6] bpf: introduce cgroup-bpf bind, connect, post-bind hooks

On Wed, Mar 14, 2018 at 10:13:22AM -0700, David Ahern wrote: > On 3/13/18 8:39 PM, Alexei Starovoitov wrote: > > For our container management we've been using complicated and fragile setup > > consisting of LD_PRELOAD wrapper intercepting bind and connect calls from > > all containerized

Re: [PATCH RFC bpf-next 0/6] bpf: introduce cgroup-bpf bind, connect, post-bind hooks

On Tue, Mar 13, 2018 at 8:39 PM, Alexei Starovoitov wrote: > For our container management we've been using complicated and fragile setup > consisting of LD_PRELOAD wrapper intercepting bind and connect calls from > all containerized applications. > The setup involves

Re: [PATCH RFC bpf-next 0/6] bpf: introduce cgroup-bpf bind, connect, post-bind hooks

On 3/13/18 8:39 PM, Alexei Starovoitov wrote: > For our container management we've been using complicated and fragile setup > consisting of LD_PRELOAD wrapper intercepting bind and connect calls from > all containerized applications. > The setup involves per-container IPs, policy, etc, so

[PATCH RFC bpf-next 0/6] bpf: introduce cgroup-bpf bind, connect, post-bind hooks

For our container management we've been using complicated and fragile setup consisting of LD_PRELOAD wrapper intercepting bind and connect calls from all containerized applications. The setup involves per-container IPs, policy, etc, so traditional network-only solutions that involve VRFs, netns,