lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9c4cebb7-514c-f7fd-1f95-50837460eb66@oracle.com>
Date:   Tue, 25 Apr 2023 18:15:03 +0100
From:   Alan Maguire <alan.maguire@...cle.com>
To:     "Masami Hiramatsu (Google)" <mhiramat@...nel.org>
Cc:     rostedt@...dmis.org, corbet@....net, shuah@...nel.org,
        linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH tracing 0/3] tracing: support > 8 byte filter predicates

On 25/04/2023 15:32, Masami Hiramatsu (Google) wrote:
> On Tue, 25 Apr 2023 10:16:34 +0100
> Alan Maguire <alan.maguire@...cle.com> wrote:
> 
>> For cases like IPv6 addresses, having a means to supply tracing
>> predicates for fields with more than 8 bytes would be convenient.
>> This series provides a simple way to support this by allowing
>> simple ==, != memory comparison with the predicate supplied when
>> the size of the field exceeds 8 bytes.  For example, to trace
>> ::1, the predicate
>>
>> 	"dst == 0x00000000000000000000000000000001"
>>
>> ..could be used.
> 
> Nice!
> And I also would like to use something like "dst == ipv6(::1)" because
> it seems easy to make a mistake on the number of zeros.
> 
> Can we add such type casting feature to the filter?
>

that's a great idea; what would be the most consistent ftrace syntax
for this do you think? I noticed that hist triggers append a modifier
to the field name so would something like

"dst.ipv6 == ::1"

make sense maybe? Thanks!

Alan

 
> Thank you,
> 
>>
>> Patch 1 provides the support for > 8 byte fields via a memcmp()-style
>> predicate. Patch 2 adds tests for filter predicates, and patch 3
>> documents the fact that for > 8 bytes. only == and != are supported.
>>
>> Changes since RFC [1]:
>>
>> - originally a fix was intermixed with the new functionality as
>>   patch 1 in series [1]; the fix landed separately
>> - small tweaks to how filter predicates are defined via fn_num as
>>   opposed to via fn directly
>>
>> [1] https://lore.kernel.org/lkml/1659910883-18223-1-git-send-email-alan.maguire@oracle.com/
>>
>> Alan Maguire (3):
>>   tracing: support > 8 byte array filter predicates
>>   selftests/ftrace: add test coverage for filter predicates
>>   tracing: document > 8 byte numeric filtering support
>>
>>  Documentation/trace/events.rst                |  9 +++
>>  kernel/trace/trace_events_filter.c            | 55 +++++++++++++++-
>>  .../selftests/ftrace/test.d/event/filter.tc   | 62 +++++++++++++++++++
>>  3 files changed, 125 insertions(+), 1 deletion(-)
>>  create mode 100644 tools/testing/selftests/ftrace/test.d/event/filter.tc
>>
>> -- 
>> 2.31.1
>>
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ