Date:   Wed,  5 Apr 2017 19:00:54 -0700
From:   Chenbo Feng <chenbofeng.kernel@...il.com>
To:     netdev@...r.kernel.org
Cc:     Lorenzo Colitti <lorenzo@...gle.com>,
        Willem de Bruijn <willemb@...gle.com>,
        Chenbo Feng <fengc@...gle.com>
Subject: [PATCH net-next 0/2] New getsockopt option to retrieve socket cookie

From: Chenbo Feng <fengc@...gle.com>


In the current kernel socket cookie implementation, there is no simple
and direct way to retrieve the socket cookie based on a file descriptor. A
process may need to get it from a sock fd if it wants to correlate with
sock_diag output or use a bpf map with the new socket cookie function.

If userspace wants to receive the socket cookie for a given socket fd,
it must send a SOCK_DIAG_BY_FAMILY dump request and look for the 5-tuple.
This is slow and can be ambiguous in the case of sockets that have the
same 5-tuple (e.g., tproxy / transparent sockets, SO_REUSEPORT sockets,
etc.).

As shown in the example program, the xt_eBPF program uses the socket cookie
to record network traffic statistics, and with the socket cookie
retrieved by getsockopt, the program can directly access a specific
socket's data without scanning the whole bpf map.

Chenbo Feng (2):
  New getsockopt option to get socket cookie
  Sample program using SO_COOKIE

 arch/alpha/include/uapi/asm/socket.h         |   2 +
 arch/avr32/include/uapi/asm/socket.h         |   2 +
 arch/frv/include/uapi/asm/socket.h           |   2 +
 arch/ia64/include/uapi/asm/socket.h          |   2 +
 arch/m32r/include/uapi/asm/socket.h          |   2 +
 arch/mips/include/uapi/asm/socket.h          |   2 +
 arch/mn10300/include/uapi/asm/socket.h       |   2 +
 arch/parisc/include/uapi/asm/socket.h        |   2 +
 arch/powerpc/include/uapi/asm/socket.h       |   2 +
 arch/s390/include/uapi/asm/socket.h          |   2 +
 arch/sparc/include/uapi/asm/socket.h         |   2 +
 arch/xtensa/include/uapi/asm/socket.h        |   2 +
 include/uapi/asm-generic/socket.h            |   2 +
 net/core/sock.c                              |   4 +
 samples/bpf/cookie_uid_helper_example.c      | 112 ++++++++++++++++++++++-----
 samples/bpf/run_cookie_uid_helper_example.sh |   4 +-
 16 files changed, 124 insertions(+), 22 deletions(-)
 mode change 100644 => 100755 samples/bpf/run_cookie_uid_helper_example.sh

-- 
2.7.4
