On Wednesday, August 16, 2023 4:46 PM Stephen Hemminger <[email protected]> wrote:
> On Wed, 16 Aug 2023 15:25:52 +0200 > Mykola Kostenok <[email protected]> wrote: > > > From: Christian Koue Muf <[email protected]> > > > > The socket connection is used by Napatech's tools for monitoring and > > rte_flow programming from other processes. > > > > Signed-off-by: Christian Koue Muf <[email protected]> > > Reviewed-by: Mykola Kostenok <[email protected]> > > I would prefer that this be general and work with other PMD's. > Why is existing telemetry model not good enough? The existing telemetry is good enough in many cases. The problems arise in multi-container environments. The design of Napatech's adapters is that they only have 1 PF, which is owned by a single process in a single container. Other containers will only have access to VFs, which do not provide any metrics. The ntconnect socket will allow remote applications to access data from the application that owns the PF. I understand your concerns for security. My suggestion would be to disable the code using meson.build config by default.
