lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 27 Nov 2023 15:04:38 -0800
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org,
 daniel@...earbox.net, davem@...emloft.net, dsahern@...nel.org,
 edumazet@...gle.com, haoluo@...gle.com, john.fastabend@...il.com,
 jolsa@...nel.org, kpsingh@...nel.org, kuba@...nel.org, kuni1840@...il.com,
 mykolal@...com, netdev@...r.kernel.org, pabeni@...hat.com, sdf@...gle.com,
 song@...nel.org, yonghong.song@...ux.dev
Subject: Re: [PATCH v3 bpf-next 10/11] bpf: tcp: Support arbitrary SYN Cookie.

On 11/22/23 4:31 PM, Kuniyuki Iwashima wrote:
> From: Martin KaFai Lau <martin.lau@...ux.dev>
> Date: Wed, 22 Nov 2023 15:19:29 -0800
>> On 11/21/23 10:42 AM, Kuniyuki Iwashima wrote:
>>> diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h
>>> index 533a7337865a..9a67f47a5e64 100644
>>> --- a/include/net/inet6_hashtables.h
>>> +++ b/include/net/inet6_hashtables.h
>>> @@ -116,9 +116,23 @@ struct sock *inet6_steal_sock(struct net *net, struct sk_buff *skb, int doff,
>>>    	if (!sk)
>>>    		return NULL;
>>>    
>>> -	if (!prefetched || !sk_fullsock(sk))
>>> +	if (!prefetched)
>>>    		return sk;
>>>    
>>> +	if (sk->sk_state == TCP_NEW_SYN_RECV) {
>>> +#if IS_ENABLED(CONFIG_SYN_COOKIE)
>>> +		if (inet_reqsk(sk)->syncookie) {
>>> +			*refcounted = false;
>>> +			skb->sk = sk;
>>> +			skb->destructor = sock_pfree;
>>
>> Instead of re-init the skb->sk and skb->destructor, can skb_steal_sock() avoid
>> resetting them to NULL in the first place and skb_steal_sock() returns the
>> rsk_listener instead?
> 
> Yes, but we need to move skb_steal_sock() to request_sock.h or include it just

Moving it seems better than including a header in the middle. Not sure if 
inet_sock.h or request_sock.h is a better target.


> before skb_steal_sock() in sock.h like below.  When I include request_sock.h in
> top of sock.h, there were many build errors.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ