lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 7 Jun 2017 15:35:49 -0700
From:   Chenbo Feng <chenbofeng.kernel@...il.com>
To:     netdev@...r.kernel.org
Cc:     Lorenzo Colitti <lorenzo@...gle.com>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Chenbo Feng <fengc@...gle.com>
Subject: Question about tcp_filter() in tcp_v6_do_rcv()

Hello everybody,

I am testing eBPF programs on ipv6 and I just find out the tcp_filter() 
function (previously named sk_filter()) is called both in tcp_v6_rcv() 
and tcp_v6_do_rcv(). In contrast, it is only called by tcp_v4_rcv() in 
ipv4 layer. I guess this implementation is used to capture some corner 
cases in ipv6 ingress route but I cannot find why. Could I know why we 
need this in two similar places in ipv6 transportation layer?

I have tried to dig into the commit history and the related code path 
but I did not see any obvious reason for doing so. And my problem with 
it is when a eBPF program is attached to a socket or a cgroup in ingress 
side, the filter program will be applied on some packets twice. And it 
affect the accuracy when using eBPF program for traffic accounting.

Thanks!

Chenbo Feng

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ