| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <A58D120A-C942-4E06-8D41-CB7607B02AE0@alum.mit.edu> Date: Sun, 18 May 2014 11:26:46 -0700 From: Guy Harris <guy@...m.mit.edu> To: Guy Harris <guy@...m.mit.edu> Cc: "David Laight" <David.Laight@...LAB.COM>, netdev@...r.kernel.org, Jay Schulist <jschlst@...ba.org>, Andi Kleen <ak@...ux.intel.com>, tcpdump-workers@...ts.tcpdump.org, Eric Dumazet <eric.dumazet@...il.com> Subject: Re: [tcpdump-workers] Modular arithmetic On Sep 10, 2012, at 10:50 AM, Guy Harris <guy@...m.mit.edu> wrote: > > On Sep 10, 2012, at 3:41 AM, "David Laight" <David.Laight@...LAB.COM> wrote: > >>>> What about the other OS - eg all the BSDs? >>>> I had a vague idea that BPF was supposed to be reasonable portable. >>> >>> Yes, does it mean BPF is frozen ? >>> >>> Or is BSD so hard to update these days ? >> >> Not really - but it some other places that need updating in order >> to make this useful for cross-platform tools (like tcpdump). >> >> The 'real fun (tm)' happens when NetBSD tries to run Linux binaries >> that include the Linux libpcap. > > Additional fun happens when a Linux system with a kernel that doesn't have the mod instruction tries to run Linux binaries that include a Linux libpcap that generates code using the mod instruction; this is not a BSD-vs.-Linux issue, it's a "kernel that lacks the mod instruction vs. libpcap that generates code that includes the mod instruction" issue. > > BSD/OS X, Linux, Solaris, and the WinPcap driver need, if they adopt new BPF instructions, to have a mechanism by which libpcap (or anything else using BPF filtering) can inquire about the capabilities of the OS BPF interpreter; libpcap would use that to determine what code to generate if generating code for the in-kernel BPF interpreter. In this particular case, there's no choice about what to generate - either you have mod and XOR instructions or you don't. Furthermore, if the kernel rejects a particular BPF program, libpcap just falls back on filtering in userland, so we can support % and ^ operators in libpcap on all platforms, albeit with a performance hit on Linux prior to 3.7 and, currently, on other platforms. I don't think there's anything inherently troublesome about BPF_MOD and BPF_XOR, so I'll file bugs against the various BSDs and OS X suggesting that they be added. So I've checked in a change to libpcap to implement BPF_MOD and BPF_XOR and to add % and ^ operators (yes, the same zero-divide checks in bpf_validate() done for BPF_DIV are done for BPF_MOD, and the optimizer was updated to handle BPF_MOD like BPF_DIV and to handle BPF_XOR like BPF_OR). The pcap-filter man page documents it, but warns that filters using them might be run in userland on pre-3.7 Linux and non-Linux platforms.-- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists