lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Apr 2023 16:34:43 +0100
From:   Alan Maguire <alan.maguire@...cle.com>
To:     rostedt@...dmis.org, mhiramat@...nel.org
Cc:     corbet@....net, shuah@...nel.org,
        linux-trace-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
        Alan Maguire <alan.maguire@...cle.com>
Subject: [PATCH v2 tracing 0/6] tracing: additional filter predicates

For cases like IPv6 addresses, having a means to supply tracing
predicates for fields with more than 8 bytes would be convenient.
This series provides a simple way to support this by allowing
simple ==, != memory comparison with the predicate supplied when
the size of the field exceeds 8 bytes.  For example, to trace
::1, the predicate

        "dst == 0x00000000000000000000000000000001"

..could be used.  Patch 1 implements this.

As a convenience, support for IPv4, IPv6 and MAC addresses are
also included; patches 2-4 cover these and allow simpler
comparisons which do not require getting the exact number of
bytes right; for exmaple

	"dst == ::1"
	"src != 127.0.0.1"
	"mac_addr == ab:cd:ef:01:23:45"

Patch 5 adds tests for existing and new filter predicates, and patch 6
documents the fact that for the various addresses supported and
the >8 byte memory comparison. only == and != are supported.

Changes since v1 [1]:

- added support for IPv4, IPv6 and MAC addresses (patches 2-4)
  (Masami and Steven)
- added selftests for IPv4, IPv6 and MAC addresses and updated
  docs accordingly (patches 5,6)

Changes since RFC [2]:

- originally a fix was intermixed with the new functionality as
  patch 1 in series [2]; the fix landed separately
- small tweaks to how filter predicates are defined via fn_num as
  opposed to via fn directly

[1] https://lore.kernel.org/linux-trace-kernel/1682414197-13173-1-git-send-email-alan.maguire@oracle.com/
[22] https://lore.kernel.org/lkml/1659910883-18223-1-git-send-email-alan.maguire@oracle.com/

Alan Maguire (6):
  tracing: support > 8 byte array filter predicates
  tracing: support IPv4 address filter predicate
  tracing: support IPv6 filter predicates
  tracing: support MAC address filter predicates
  selftests/ftrace: add test coverage for filter predicates
  tracing: document IPv4, IPv6, MAC address and > 8 byte numeric
    filtering support

 Documentation/trace/events.rst                |  21 +++
 kernel/trace/trace_events_filter.c            | 164 +++++++++++++++++-
 .../selftests/ftrace/test.d/event/filter.tc   |  91 ++++++++++
 3 files changed, 275 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/ftrace/test.d/event/filter.tc

-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ