lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20081029052118.GA6412@gerrit.erg.abdn.ac.uk>
Date:	Wed, 29 Oct 2008 06:21:18 +0100
From:	Gerrit Renker <gerrit@....abdn.ac.uk>
To:	Tomasz Grobelny <tomasz@...belny.oswiecenia.net>
Cc:	Arnaldo Carvalho de Melo <acme@...hat.com>, dccp@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH 1/1] [QPOLICY]: Ignore packets with specific priority

| This trivial patch allows qpolicies to be moved to userspace as demonstrated 
| by attached C# code (requires mono). This way userspace-kernelspace interface 
| is dead simple allowing for quite a lot flexibility in designing the way 
| packet buffer is organized.
 

| The basic idea is that we set send buffer size so that only one packet fits in 
| it. Sending second packet while first is inside buffer (has not been sent 
| yet) causes send() to block until ccid allows the first packet to be 'send'. 
One difficulty that I see is what to do when the send socket is non-blocking.

| For each real packet we call send() twice: one 'fake' (will be discarded just 
| before sending) and one 'real' (contains user data). This makes all the 
| waiting to be done on the 'fake' packet making sending the real one really 
| fast. This allows for late data choice without difficult to implement ring 
| buffers shared by user and kernel space or complicated qpolicies code on 
| kernel side.
Maybe purists will not like this since the complexity is now shifted to the
user-kernel interface. But it may well be a start to develop some kind of
new interface which achieves the same in a cleaner way.

In any case, if people would like to test this feature, I'd be happy to fork
a new qpolicy subtree from the test tree.

 
| Results on CCID2 are very promising (near ideal), but CCID3 is somewhat 
| disappointing to the extent I'm starting to think that I'm doing something 
| seriously wrong while testing it.
| 
Can you please narrow down what is happening with CCID-3.  CCID-3 is very
complicated and sensitive, so it is possible that the problem is within
CCID-3 and not the qpolicy code - need more detailed information.


| Therefore I have two questions:
| 1. What do you think about the idea in general?
| 2. Could anybody test the attached code on both CCID2 and CCID3 and send 
|    results/observations to the list?
| 
At the moment this is just enough code to allow a what seems to me working
proof-of-concept implementation. 

I don't have mono installed and need to prioritise with time - the highest
priority at the moment is to keep the test tree up to date and bug-free.

If a stable interface evolves out of this development work, it would be
great to integrate it with the existing (C flat) code
http://www.erg.abdn.ac.uk/users/gerrit/dccp/apps/#DCCP_Library


| --- a/net/dccp/qpolicy.c
| +++ b/net/dccp/qpolicy.c

| @@ -120,11 +122,11 @@ struct sk_buff *dccp_qpolicy_pop(struct sock *sk)
|  {
|  	struct sk_buff *skb = dccp_qpolicy_top(sk);
|  
| -	/* Clear any skb fields that we used internally */
| -	skb->priority = 0;
| -
| -	if (skb)
| +	if (skb) {
| +		/* Clear any skb fields that we used internally */
| +		skb->priority = 0;
|  		skb_unlink(skb, &sk->sk_write_queue);
| +	}
|  	return skb;
|  }
Thank you for the above hunk -- since it fixes in fact a potential source of
trouble, I have merged it into the patch entitled "dccp: Policy-based packet
dequeueing infrastructure" and updated the test tree to use this patch.
http://eden-feed.erg.abdn.ac.uk/cgi-bin/gitweb.cgi?p=dccp_exp.git;a=commitdiff;h=ffc6589ad8fb51edb37f31cbad9b913e9b47f630
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ