lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Sep 2014 17:22:40 -0700 From: Rick Jones <rick.jones2@...com> To: Eric Dumazet <eric.dumazet@...il.com> CC: netdev@...r.kernel.org Subject: Re: Philosophical question: Is a UDP multicast datagram for which there is no socket match a drop or an ignore? On 09/30/2014 04:23 PM, Eric Dumazet wrote: > On Tue, 2014-09-30 at 16:09 -0700, Rick Jones wrote: >> I've been looking at some additional perf <mutter> -e skb_kfree_skb >> results, this time with a laptop connected to a corporate network with a >> large number of Windows systems sending out what they are wont to >> send... The laptop is just sitting there no active netperfs or anything :) >> >> I see profile hits for __udp4_lib_mcast_deliver() which has a >> kfree_skb() call which will happen if either there were no sockets >> found, or if an integral multiple of ARRAY_SIZE(stack) sockets are >> found. I'm assuming the latter is exceedingly rare. >> >> Anywho, the philosophical question - is such a situation a drop >> (indicating the existing kfree_skb()), or is it an ignore (indicating a >> consume_skb())? Should there be a statistic incremented for either of >> those? > > I guess we lack a UDP_MIB_NOPORTS increase here. I was going back and forth on that - since it is a multicast it may not have really been directed at us in which case it would be an ignore (and perhaps a new "ignored" stat?). But on the assumption that it should indeed remain a drop, and so a kfree_skb(), something along the lines of: diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index cd0db54..376e3d3 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1656,6 +1656,7 @@ static int __udp4_lib_mcast_deliver(struct net *net, struc int dif = skb->dev->ifindex; unsigned int count = 0, offset = offsetof(typeof(*sk), sk_nulls_node); unsigned int hash2 = 0, hash2_any = 0, use_hash2 = (hslot->count > 10); + unsigned int inner_flushed = 0; if (use_hash2) { hash2_any = udp4_portaddr_hash(net, htonl(INADDR_ANY), hnum) & @@ -1694,8 +1695,12 @@ start_lookup: */ if (count) { flush_stack(stack, count, skb, count - 1); - } else { + } else if (!inner_flushed) { + UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, 0); kfree_skb(skb); + } else { + /* there were matches flushed in the for_each */ + consume_skb(skb); } return 0; } ? The idea being that in the unlikely event there were indeed enough matches to trigger the flush_stack in the for_each and only enough for that it will be a consume_skb() and no statistic rather than a kfree_skb() and a statistic increment. (likely munged by my mailer) rick -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists