lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1424287559-25700-1-git-send-email-simon.horman@netronome.com>
Date:	Wed, 18 Feb 2015 14:25:56 -0500
From:	Simon Horman <simon.horman@...ronome.com>
To:	netdev@...r.kernel.org
Cc:	Simon Horman <simon.horman@...ronome.com>
Subject: [PATCH/RFC 0/3] net: unft: Add Userspace hairpin network flow table device

*** Not for Upstream Merge
*** For informational purposes only

As discussed at netconf we have been working on hairpinning Flow API
messages back to user-space as a mechanism for exercising that API.

And as promised at netconf I am releasing our code.

What this can do:
* Allow the implementation of the NDO's proposed by John Fastabend's API
  to be implemented in user-space. This is done using netlink messages.

What this cannot do:
* Anything else

Limitations:
* Both the design and the implementation are slow

I have also written user-space code. There are two portions:

1. flow-table

   This may be used to send and receive messages from the Flow API.
   It a command-line utility which may be used to exercise the flow API.
   And a library to help achieve this. An interesting portion
   of the library is a small framework for converting between
   netlink and JSON.

   It is available here: https://github.com/horms/flow-table
   The licence is GPLv2

   It overlaps to some extent with user-space code by John Fastabend.
   I was not aware of that work which he was doing concurrently.

2. flow-table-hairpin

   This is a daemon that listens for messages hairpined back
   to user-space and responds accordingly. That is, the user-space
   backing of the NDOs of the Flow API.

   It includes a simple flow table backend (ftbe) abstraction
   and a dummy implementation that stores flows in a local list
   ** and does nothing else with them ***

   It is available here: https://github.com/horms/flow-table-hairpin
   The licence is GPLv2


Usage example:

# Create unft netdev
ip link add type unft

# Start haripind. The tables, headers, etc... are provided as JSON
flow-table-hairpind \
        --tables tables.json \
        --headers headers.json \
        --actions actions.json \
        --header-graph header-graph.json \
        --table-graph table-graph.json &

# Get the tables of unft using the Flow API
flow-table-ctl get-tables unft0


Base:

These patches are based on v2 of the Flow API.
"[net-next PATCH v2 00/12] Flow API"
http://www.spinics.net/lists/netdev/msg311961.html


Simon Horman (3):
  net: flow: export net_flow_{put_rule,get_{field,action}}
  net: flow: Introduce flow table hairpin API
  net: unft: Add Userspace hairpin network flow table device

 drivers/net/Kconfig                  |    9 +
 drivers/net/Makefile                 |    1 +
 drivers/net/unft.c                   | 1520 ++++++++++++++++++++++++++++++++++
 include/linux/if_flow.h              |    6 +
 include/linux/if_flow_hairpin.h      |    6 +
 include/uapi/linux/if_flow_hairpin.h |  159 ++++
 net/core/flow_table.c                |   10 +-
 7 files changed, 1707 insertions(+), 4 deletions(-)
 create mode 100644 drivers/net/unft.c
 create mode 100644 include/linux/if_flow_hairpin.h
 create mode 100644 include/uapi/linux/if_flow_hairpin.h

-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists