Date: Mon, 21 Dec 2015 21:41:27 +0100
From: Willy Tarreau <w@....eu>
To: Tom Herbert <tom@...bertland.com>
Cc: Eric Dumazet <eric.dumazet@...il.com>, cgallek@...gle.com,
    Josh Snyder <josh@...e406.com>, Tolga Ceylan <tolga.ceylan@...il.com>,
    Aaron Conole <aconole@...heb.org>, "David S. Miller" <davem@...emloft.net>,
    Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCH 1/1] net: Add SO_REUSEPORT_LISTEN_OFF socket option as drain mode

On Mon, Dec 21, 2015 at 12:38:27PM -0800, Tom Herbert wrote:
> On Fri, Dec 18, 2015 at 11:00 PM, Willy Tarreau <w@....eu> wrote:
> > On Fri, Dec 18, 2015 at 06:38:03PM -0800, Eric Dumazet wrote:
> >> On Fri, 2015-12-18 at 19:58 +0100, Willy Tarreau wrote:
> >> > Hi Josh,
> >> >
> >> > On Fri, Dec 18, 2015 at 08:33:45AM -0800, Josh Snyder wrote:
> >> > > I was also puzzled that binding succeeded. Looking into the code paths
> >> > > involved, in inet_csk_get_port, we quickly goto have_snum. From there, we end
> >> > > up dropping into tb_found. Since !hlist_empty(&tb->owners), we end up checking
> >> > > that (tb->fastreuseport > 0 && sk->sk_reuseport && uid_eq(tb->fastuid, uid)).
> >> > > This test passes, so we goto success and bind.
> >> > >
> >> > > Crucially, we are checking the fastreuseport field on the inet_bind_bucket, and
> >> > > not the sk_reuseport variable on the other sockets in the bucket. Since this
> >> > > bit is set based on sk_reuseport at the time the first socket binds (see
> >> > > tb_not_found), I can see no reason why sockets need to keep SO_REUSEPORT set
> >> > > beyond initial binding.
> >> > >
> >> > > Given this, I believe Willy's patch elegantly solves the problem at hand.
> >> >
> >> > Great, thanks for your in-depth explanation.
> >> >
> >> > Eric, do you think that this patch may be acceptable material for next
> >> > merge window (given that it's not a fix per-se) ? If so I'll resubmit
> >> > later.
> >>
> >> I need to check with Craig Gallek, because he was about to upstream a
> >> change to make SO_REUSEPORT more scalable & sexy (like having an [e]BPF
> >> filter to perform the selection in an array of sockets)
> >
> > OK fine. Please note that I also considered using a new value instead of
> > zero there but I preferred to avoid it since the man talked about zero/
> > non-zero so I wanted to limit any API change. If Craig adds new values
> > there then this is something we can reconsider.
> >
> Is there any reason why this turning off a soreuseport socket should
> not apply to UDP also? (seems like we have a need to turn off RX but
> not TX for a UDP socket).

I didn't know it was supported for UDP :-) I guess that's the only reason.

willy

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
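
Added example, not part of the thread and not kernel code: a simplified user-space C model of the bind-time check Josh Snyder describes in the quoted text, showing that the decision depends on the flag latched in the bucket, the new socket's own SO_REUSEPORT setting, and the uid match. The names `bucket`, `sock_model`, `model_bind` and `drain_then_bind` are hypothetical, and the slow-path conflict check is assumed to refuse the bind.

```c
/* Simplified user-space model of the bind check quoted in the thread.
 * Not kernel code: struct and function names are illustrative only. */
#include <stdbool.h>
#include <stdio.h>

struct bucket {            /* stands in for inet_bind_bucket */
    int owners;            /* sockets already bound to the port */
    int fastreuseport;     /* latched when the first socket binds */
    unsigned fastuid;      /* uid of that first socket */
};

struct sock_model {        /* stands in for struct sock */
    bool sk_reuseport;     /* current SO_REUSEPORT setting */
    unsigned uid;
};

/* Returns true if the bind is accepted. */
static bool model_bind(struct bucket *tb, const struct sock_model *sk)
{
    if (tb->owners == 0) {                       /* tb_not_found */
        tb->fastreuseport = sk->sk_reuseport ? 1 : 0;
        tb->fastuid = sk->uid;
        tb->owners = 1;
        return true;
    }
    /* tb_found: only bucket state and the *new* socket are consulted */
    if (tb->fastreuseport > 0 && sk->sk_reuseport && tb->fastuid == sk->uid) {
        tb->owners++;
        return true;
    }
    return false;  /* assumption: slow-path conflict check modelled as refusal */
}

/* First socket binds with SO_REUSEPORT, clears it, then a second one binds. */
static bool drain_then_bind(unsigned uid_a, unsigned uid_b, bool b_reuseport)
{
    struct bucket tb = {0};
    struct sock_model a = { .sk_reuseport = true, .uid = uid_a };
    struct sock_model b = { .sk_reuseport = b_reuseport, .uid = uid_b };

    if (!model_bind(&tb, &a))
        return false;
    a.sk_reuseport = false;   /* cleared after bind; bucket flag is untouched */
    return model_bind(&tb, &b);
}

int main(void)
{
    printf("same uid, reuseport set:   %d\n", drain_then_bind(1000, 1000, true));
    printf("other uid, reuseport set:  %d\n", drain_then_bind(1000, 1001, true));
    printf("same uid, reuseport unset: %d\n", drain_then_bind(1000, 1000, false));
    return 0;
}
```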