lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Apr 2015 21:27:40 -0700 From: Tom Herbert <tom@...bertland.com> To: <davem@...emloft.net>, <netdev@...r.kernel.org> CC: <jiri@...nulli.us> Subject: [PATCH net-next 6/7] net: Add flow_keys digest Some users of flow keys (well just sch_choke now) need to pass flow_keys in skbuff cb, and use them for exact comparisons of flows so that skb->hash is not sufficient. In order to increase size of the flow_keys structure, we introduce another structure for the purpose of passing flow keys in skbuff cb. We limit this structure to sixteen bytes, and we will technically treat this as a digest of flow_keys struct hence its name flow_keys_digest. In the first incaranation we just copy the flow_keys structure up to 16 bytes-- this is the same information previously passed in the cb. In the future, we'll adapt this for larger flow_keys and could use something like SHA-1 over the whole flow_keys to improve the quality of the digest. Signed-off-by: Tom Herbert <tom@...bertland.com> --- include/net/flow_keys.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/include/net/flow_keys.h b/include/net/flow_keys.h index dc8fd81..f2610ad 100644 --- a/include/net/flow_keys.h +++ b/include/net/flow_keys.h @@ -42,4 +42,23 @@ static inline __be32 skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 u32 flow_hash_from_keys(struct flow_keys *keys); unsigned int flow_get_hlen(const unsigned char *data, unsigned int max_len, __be16 protocol); + +/* struct flow_keys_digest: + * + * This structure used to hold a digest of the full flow keys. This is a larger + * "hash" of a connection to allow definitively matching specific flows where + * the 32 bit skb_hash is not large enough. The size is limited to 16 bytes + * so that it can by used in CB of skb (see sch_choke for an example). + */ +#define FLOW_KEYS_DIGEST_LEN 16 +struct flow_keys_digest { + u8 data[FLOW_KEYS_DIGEST_LEN]; +}; + +static inline void make_flow_keys_digest(struct flow_keys_digest *digest, + struct flow_keys *flow) +{ + memcpy(&digest->data, flow, FLOW_KEYS_DIGEST_LEN); +} + #endif -- 1.8.1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists