Versions Compared

Old Version 10

changes.mady.by.user LJ Illuzzi

Saved on

compared with

New Version 11

changes.mady.by.user Daniel Havey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

  • PEN request

    • Raga: Schedule call after this meeting
    • Dave: What layer of the org is the PEN assigned to?
      • L3AFD project, LF, L3AFP?
    • Louis: Just put it under LFN. Ramnifications?
    • Dave: Next PEN would probably have a sub-delegation under the original PEN
      • This is how MSFT does this so that there is a single management point.
    • Lous: Difference between L3AFd and L3AFP?
      • Dave: Github organization with different GitHub repos under it.
    • Louis: PEN that covers L3AF as a project and all current and future repos?
    • Dave: Common use of PENS is for OID and PEN is inserted into the OID with arbitrary number of layers underneath.
      • OIDs are used in x.509 certificats, etc.
    • Lous: How are we going to use the PEN for L3AF? Want a PEN that covers all of L3AF, but not all of LF or LFN,
      • Raga: As part of flow exporter we will add custom field support identified with PEN number.
    • Dave: Inventing a new slot that fields are going to go in, can it be just an array of fields of integers?
    • Raga: Will dig more and find out?
    • Dave: It matters to how we will fill out the application.
    • Raga: This is a requirement for the flow_exporter. We will not need another PEN number for L3AF.
    • Lous: Will reconsult with legal and set up call with Raga. Review by email with rest of L3AF team (if this is doable).
    • Dave: It's just a simple web form and cannot be pending
    • Dave: Do we use LF, L3AFP or L3AFd for the name?
      • Lous: Will discuss with legal.
    • Dev testing forum
      • Set date and time for MSFT presentation
  • Cross platform signing
  • Matteo: No way to do cross platform signing with eBPF programs
    • Implementation that allows loading eBPF programs to kernel that takes care of relocation
    • Created patch that does this. Creates eBPF prog and adds sig to it.
    • Dave: talked about 3 peices in kernel function marketplace
      • Orchestrator pulls stuff from marketplace
      • Can you put signed programs in the marketplace
      • We are discussing an option that allows remote distribution and is compatible with L3AF.
      • The other approach does not play well with the L3AF vision that we have discussed.
    • Vicky: Do we have representation as the L3AF at the kernel level where these decisions will be made?
      • Dave: Need Karan, Chris, ect. If we had a collective decision it would carry more weight.
        • This could be a call to create new contacts.
    • Dave: This discussion is happening on the Linux kernel list
      • MSFT would like cross-platform
      • Move to the eBPF foundation (which is cross-platform)?
    • Dave: Next BPF steering committee meeting would like L3AF to present.
      • Invited Karan.
    • Dave: BSC does not officially have an answer if the meeting is open.
      • Still have time to ask. Should be a yes answer (at least for this meeting)
    • Matteo: Proposed to BPF ML & then another solution appeared from the BPF maintainer
      • Very different solution: create an approve-list of programs that can load BPF programs
      • Only allow programs loaded from progs on this approve-list
      • Suspects this solution won't be cross-platform: verification requires Linux fs verity method
        • Also allows L3AFd to install anything it wants if L3AFd is in the allow list, Could be a security flaw
      • Matteo's approach allows individual signing and allows individual verfication, reputation, etc.
      • Raga: Where is the signature exactly? Do you still have the verification step on signed programs? Use case please.
      • Matteo: XDP. SOme BPF programs take actions on packets. These can be loaded and attached to network drivers.
        • Malicious programs can mangle pacet traffic (very dnagerous). Must make sure that program is safe.
      • Dave: Big value add: signing instead of verification step.
        • Verification step can be CPU intensive. Signature check is cheap.
        • Verification and signing together does not give this benefit. This is what the patch does.
      • Raga: Does this work for UM progs also? Yes.
      • Dave: Other approach with white list? How is this different from cap BPF?
        • Matteo: Whitelist  enforces Cap BPF.
      • Dave: L3AFd pushes out both kernel function as well as a program that can use the kernel function.
        • Matteo: Whitelist is a list programs that can be loaded
      • Matteo: Sig verification is before verification check.
      • Dave: Also reduces DOS style attacks.
        • If sig check fails then verification does not run and waste cycles.
      • Santhosh: Verifier runs only once at load time.
        • Dave: Yes, but you can spin the loader.
    • Dave: That is the intro.
      • If we can get several orgs to support this then we can approach the BSC.
    • Vicky: Once the video for the call is available we can take this to the mailing list.
    • Lous: Cancelling next weeks call on the 22nd?
    • Dave: Nope, on vacation.
    • Vicky: Probably most people have made plans so Jan 5th would be better.
    • Matteo: PR is urgent for MSFT because we want a signature system.
      • It's too dangerous to load untrusted BPF programs
    • Dave: Please post opinions on Linux Kernel mailing list sooner rather than later.
    • Dave: Include signing into the BSC meeting on Jan 12th at 1PM PST.
  • Lous: Please register for Dev and Test Forum

Action Items

  •  Schdule Dev & Testing Forum L3AF session (LJ/Daniel/Poorna)
  •  Schedule call with Raga to fill out the PEN application. (LJ/Raga)
  •  Ask BSC if the meeting can be open to the public (Dave)
  •  Vicky: Will post to mailing list so that people can discuss signing on list after watching video.

Future Agenda Items


***** Minutes from previous call *****

...