lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 7 Nov 2008 09:39:30 -0800
From:	Ranjit Manomohan <ranjitm@...gle.com>
To:	Thomas Graf <tgraf@...g.ch>
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [RESEND] pkt_sched: Control group classifier

On Fri, Nov 7, 2008 at 9:08 AM, Thomas Graf <tgraf@...g.ch> wrote:
> * Ranjit Manomohan <ranjitm@...gle.com> 2008-11-07 07:51
>> > +static int cls_cgroup_classify(struct sk_buff *skb, struct tcf_proto *tp,
>> > +                              struct tcf_result *res)
>> > +{
>> > +       struct cls_cgroup_head *head = tp->root;
>> > +       struct cgroup_cls_state *cs;
>> > +       int ret = 0;
>> > +
>> > +       /*
>> > +        * Due to the nature of the classifier it is required to ignore all
>> > +        * packets originating from softirq context as accessing `current'
>> > +        * would lead to false results.
>> > +        *
>> > +        * This test assumes that all callers of dev_queue_xmit() explicitely
>> > +        * disable bh. Knowing this, it is possible to detect softirq based
>> > +        * calls by looking at the number of nested bh disable calls because
>> > +        * softirqs always disables bh.
>> > +        */
>> > +       if (softirq_count() != SOFTIRQ_OFFSET)
>> > +               return -1;
>> > +
>>
>>     How about caching the cs->classid in the socket here at this point
>> (if there is a mismatch from the current cgroup value)  if we are in
>> process context and using that value if we are in interrupt context.
>> That should help account for the packets in interrupt context and work
>> seamlessly if the task got moved between cgroups or if the cgroup
>> identifier was changed.
>
> I like the idea, the overhead is relatively small and the sk_buff struct
> does not get polluted. There will still be cases where the skb has been
> orphaned and is no longer connected to a socket but that case is pretty
> rare.
>
> Will you work on a follow-up patch?

Tied up with a few things right now, but I can get around to it
sometime next week (if you don't get a chance to implement it before
that)

-Thanks,
Ranjit


>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ