| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Jun 2008 19:05:45 +0100 From: Gerrit Renker <gerrit@....abdn.ac.uk> To: Tomasz Grobelny <tomasz@...belny.oswiecenia.net> Cc: acme@...hat.com, dccp@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH 1/1] [DCCP][QPOLICY]: Make information about qpolicies available to userspace | > Yes having them separate gives a clearer semantics. But it comes at a price | > - to retrieve the parameters, we need an extra function or lookup table. | > | An additional bitfield in dccp_qpolicy_operations should do it when it comes | to storing that information. When it comes to retrieving see next point... | | > Maybe there is an elegant solution which allows to encode the required | > parameters while keeping the semantics clear? | > | What about something like: | setsockopt(sockfd, DCCP_SOCKOPT_QPOLICY_ID, DCCPQ_POLICY_PRIO); | to choose policy (exactly as it is now) and a new function to ensure that the | kernel understands parameters: | setsockopt(sockfd, DCCP_SOCKOPT_QPOLICY_PARAMS, DCCP_SCM_PRIORITY | DCCP_SCM_TIMEOUT); | | The second call would return an error if the kernel does not know anything | about DCCP_SCM_TIMEOUT (or a choosen policy does not support it). This would | have the additional benefit (over similar getsockopt) that the kernel will be | able to optimize its behaviour knowning the set of parameters that will be | used. | | What do you think about such an interface? | -- In both solutions there is a need to maintain an integrity constraint between the qpolicy ID and the set of parameters that the qpolicy uses. With the bitmask approach this constraint is expressed only once, when the policy is defined in the source file. With the socket approach, the constraint needs to be expressed each time the policy is used. I don't know your reservations against the bitmask approach (other than the semantics), but I find having to define the parameters each time the qpolicy is used cumbersome, and it can also be a source of errors. Gerrit -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists