| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 Mar 2018 01:42:42 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: john.fastabend@...il.com
Cc: ast@...nel.org, daniel@...earbox.net, netdev@...r.kernel.org,
davejwatson@...com
Subject: Re: [bpf-next PATCH 05/16] bpf: create tcp_bpf_ulp allowing BPF to
monitor socket TX/RX data
From: John Fastabend <john.fastabend@...il.com>
Date: Mon, 5 Mar 2018 22:22:21 -0800
> All I meant by this is if an application uses sendfile() call
> there is no good way to know when/if the kernel side will copy or
> xmit the data. So a reliable user space application will need to
> only modify the data if it "knows" there are no outstanding sends
> in-flight. So if we assume applications follow this then it
> is OK to avoid the copy. Of course this is not good enough for
> security, but for monitoring/statistics (my use case 1 it works).
For an application implementing a networking file system, it's pretty
legitimate for file contents to change before the page gets DMA's to
the networking card.
And that's perfectly fine, and we everything such that this will work
properly.
The card checksums what ends up being DMA'd so nothing from the
networking side is broken.
So this assumption you mention really does not hold.
There needs to be some feedback from the BPF program that parses the
packet. This way it can say, "I need at least X more bytes before I
can generate a verdict". And you keep copying more and more bytes
into a linear buffer and calling the parser over and over until it can
generate a full verdict or you run out of networking data.
Powered by blists - more mailing lists