Date: Fri, 29 Jun 2018 17:27:22 -0700
From: Tushar Dave <tushar.n.dave@...cle.com>
To: Daniel Borkmann <daniel@...earbox.net>, ast@...nel.org,
    davem@...emloft.net, jakub.kicinski@...ronome.com,
    quentin.monnet@...ronome.com, jiong.wang@...ronome.com, guro@...com,
    sandipan@...ux.vnet.ibm.com, john.fastabend@...il.com, kafai@...com,
    rdna@...com, brakmo@...com, netdev@...r.kernel.org, acme@...hat.com,
    sowmini.varadhan@...cle.com
Subject: Re: [RFC v2 PATCH 2/4] ebpf: Add sg_filter_run and sg helper

On 06/29/2018 01:32 AM, Daniel Borkmann wrote:
> On 06/19/2018 08:00 PM, Tushar Dave wrote:
> [...]
>> +int sg_filter_run(struct sock *sk, struct scatterlist *sg)
>> +{
>> + struct sk_filter *filter;
>> + int err;
>> +
>> + rcu_read_lock();
>> + filter = rcu_dereference(sk->sk_filter);
>> + if (filter) {
>> + struct bpf_scatterlist bpfsg;
>> + int num_sg;
>> +
>> + if (!sg) {
>> + err = -EINVAL;
>> + goto out;
>> + }
>> +
>> + num_sg = sg_nents(sg);
>> + if (num_sg <= 0) {
>> + err = -EINVAL;
>> + goto out;
>> + }
>> +
>> + /* We store a reference to the sg list so it can later used by
>> + * eBPF helpers to retrieve the next sg element.
>> + */
>> + bpfsg.num_sg = num_sg;
>> + bpfsg.cur_sg = 0;
>> + bpfsg.sg = sg;
>> +
>> + /* For the first sg element, we store the pkt access pointers
>> + * into start and end so eBPF program can have pkt access using
>> + * data and data_end. The pkt access for subsequent element of
>> + * sg list is possible when eBPF program invokes bpf_sg_next
>> + * which takes care of setting start and end to the correct sg
>> + * element.
>> + */
>> + bpfsg.start = sg_virt(sg);
>> + bpfsg.end = bpfsg.start + sg->length;
>> + BPF_PROG_RUN(filter->prog, &bpfsg);
>
> Return code here from BPF prog is ignored entirely, I thought you wanted to
> use it also for dropping packets? If UAPI would get frozen like this then it's
> baked in stone.

Yeah, I am going to add return code necessary for pass, drop and forward.
I will do that. Thanks.

-Tushar
>
>> + }
>> +out:
>> + rcu_read_unlock();
>> +
>> + return err;
>> +}
>> +EXPORT_SYMBOL(sg_filter_run);
>
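
Review bot: `err` in sg_filter_run() is returned uninitialized on two paths: when no filter is attached to the socket (the `if (filter)` body is skipped) and when the program runs to completion, because the only assignments are the two `err = -EINVAL` branches. The caller then acts on whatever was on the stack, so a filter decision can be reported as an arbitrary pass or error. Initialize it at declaration (`int err = 0;`) and, once the program's return value is wired up for pass, drop and forward as discussed in this thread, set `err` from the BPF_PROG_RUN() result so every exit through `out:` carries a defined value. A short comment above the function stating the return convention (0 versus negative errno versus verdict) would also help, since this symbol is exported.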