lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5226DB64.3020207@redhat.com>
Date:	Wed, 04 Sep 2013 09:04:04 +0200
From:	Daniel Borkmann <dborkman@...hat.com>
To:	Vladimir Murzin <murzin.v@...il.com>
CC:	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	linuxppc-dev@...ts.ozlabs.org, paulus@...ba.org,
	davem@...emloft.net, Matt Evans <matt@...abs.org>,
	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] ppc: bpf_jit: support MOD operation

On 09/03/2013 10:52 PM, Daniel Borkmann wrote:
> On 09/03/2013 09:58 PM, Vladimir Murzin wrote:
[...]
>>> Do you have a test case/suite by any chance ?
>>>
>>> Ben.
>>>
>>
>> Hi Ben!
>>
>> Thanks for your feedback.
>>
>> This patch is only compile tested. I have no real hardware, but I'll
>> probably bring up qemu ppc64 till end of the week...
>> Meanwhile, I've made simple how-to for testing. You can use it if you wish.
>> It is mainly based on the [1] and rechecked on x86-64.
>
> Please also cc netdev on BPF related changes.
>
> Actually, your test plan can be further simplified ...
>
> For retrieving and disassembling the JIT image, we have bpf_jit_disasm [1].
>
>   1) echo 2 > /proc/sys/net/core/bpf_jit_enable
>   2) ... attach filter ...
>   3) bpf_jit_disasm -o
>
> For generating a simple stupid test filter, you can use bpfc [2] (also
> see its man page). E.g. ...
>
>    # cat blub
>    ldi #10
>    mod #8
>    ret a
>    # bpfc blub
>    { 0x0, 0, 0, 0x0000000a },
>    { 0x94, 0, 0, 0x00000008 },
>    { 0x16, 0, 0, 0x00000000 },

Plus something like ...

ldxi #0
mod x
ret a

For longer-term testing, also trinity has BPF support. ;)

> And load this array e.g. either into a small C program that attaches this
> as BPF filter, or simply do bpfc blub > blub2 and run netsniff-ng -f blub2\
> -s -i eth0, that should also do it.
>
> Then, when attached, the kernel should truncate incoming frames for pf_packet
> into max length of 2, just as an example.
>
>    [1] kernel tree, tools/net/bpf_jit_disasm.c
>    [2] git clone git://github.com/borkmann/netsniff-ng.git
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ