lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 29 Jun 2018 17:27:22 -0700
From:   Tushar Dave <tushar.n.dave@...cle.com>
To:     Daniel Borkmann <daniel@...earbox.net>, ast@...nel.org,
        davem@...emloft.net, jakub.kicinski@...ronome.com,
        quentin.monnet@...ronome.com, jiong.wang@...ronome.com,
        guro@...com, sandipan@...ux.vnet.ibm.com, john.fastabend@...il.com,
        kafai@...com, rdna@...com, brakmo@...com, netdev@...r.kernel.org,
        acme@...hat.com, sowmini.varadhan@...cle.com
Subject: Re: [RFC v2 PATCH 2/4] ebpf: Add sg_filter_run and sg helper



On 06/29/2018 01:32 AM, Daniel Borkmann wrote:
> On 06/19/2018 08:00 PM, Tushar Dave wrote:
> [...]
>> +int sg_filter_run(struct sock *sk, struct scatterlist *sg)
>> +{
>> +	struct sk_filter *filter;
>> +	int err;
>> +
>> +	rcu_read_lock();
>> +	filter = rcu_dereference(sk->sk_filter);
>> +	if (filter) {
>> +		struct bpf_scatterlist bpfsg;
>> +		int num_sg;
>> +
>> +		if (!sg) {
>> +			err = -EINVAL;
>> +			goto out;
>> +		}
>> +
>> +		num_sg = sg_nents(sg);
>> +		if (num_sg <= 0) {
>> +			err = -EINVAL;
>> +			goto out;
>> +		}
>> +
>> +		/* We store a reference  to the sg list so it can later used by
>> +		 * eBPF helpers to retrieve the next sg element.
>> +		 */
>> +		bpfsg.num_sg = num_sg;
>> +		bpfsg.cur_sg = 0;
>> +		bpfsg.sg = sg;
>> +
>> +		/* For the first sg element, we store the pkt access pointers
>> +		 * into start and end so eBPF program can have pkt access using
>> +		 * data and data_end. The pkt access for subsequent element of
>> +		 * sg list is possible when eBPF program invokes bpf_sg_next
>> +		 * which takes care of setting start and end to the correct sg
>> +		 * element.
>> +		 */
>> +		bpfsg.start = sg_virt(sg);
>> +		bpfsg.end = bpfsg.start + sg->length;
>> +		BPF_PROG_RUN(filter->prog, &bpfsg);
> 
> Return code here from BPF prog is ignored entirely, I thought you wanted to
> use it also for dropping packets? If UAPI would get frozen like this then it's
> baked in stone.

Yeah, I am going to add return code necessary for pass, drop and
forward. I will do that. Thanks.

-Tushar

> 
>> +	}
>> +out:
>> +	rcu_read_unlock();
>> +
>> +	return err;
>> +}
>> +EXPORT_SYMBOL(sg_filter_run);
> 

Powered by blists - more mailing lists