lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <1424287559-25700-1-git-send-email-simon.horman@netronome.com> Date: Wed, 18 Feb 2015 14:25:56 -0500 From: Simon Horman <simon.horman@...ronome.com> To: netdev@...r.kernel.org Cc: Simon Horman <simon.horman@...ronome.com> Subject: [PATCH/RFC 0/3] net: unft: Add Userspace hairpin network flow table device *** Not for Upstream Merge *** For informational purposes only As discussed at netconf we have been working on hairpinning Flow API messages back to user-space as a mechanism for exercising that API. And as promised at netconf I am releasing our code. What this can do: * Allow the implementation of the NDO's proposed by John Fastabend's API to be implemented in user-space. This is done using netlink messages. What this cannot do: * Anything else Limitations: * Both the design and the implementation are slow I have also written user-space code. There are two portions: 1. flow-table This may be used to send and receive messages from the Flow API. It a command-line utility which may be used to exercise the flow API. And a library to help achieve this. An interesting portion of the library is a small framework for converting between netlink and JSON. It is available here: https://github.com/horms/flow-table The licence is GPLv2 It overlaps to some extent with user-space code by John Fastabend. I was not aware of that work which he was doing concurrently. 2. flow-table-hairpin This is a daemon that listens for messages hairpined back to user-space and responds accordingly. That is, the user-space backing of the NDOs of the Flow API. It includes a simple flow table backend (ftbe) abstraction and a dummy implementation that stores flows in a local list ** and does nothing else with them *** It is available here: https://github.com/horms/flow-table-hairpin The licence is GPLv2 Usage example: # Create unft netdev ip link add type unft # Start haripind. The tables, headers, etc... are provided as JSON flow-table-hairpind \ --tables tables.json \ --headers headers.json \ --actions actions.json \ --header-graph header-graph.json \ --table-graph table-graph.json & # Get the tables of unft using the Flow API flow-table-ctl get-tables unft0 Base: These patches are based on v2 of the Flow API. "[net-next PATCH v2 00/12] Flow API" http://www.spinics.net/lists/netdev/msg311961.html Simon Horman (3): net: flow: export net_flow_{put_rule,get_{field,action}} net: flow: Introduce flow table hairpin API net: unft: Add Userspace hairpin network flow table device drivers/net/Kconfig | 9 + drivers/net/Makefile | 1 + drivers/net/unft.c | 1520 ++++++++++++++++++++++++++++++++++ include/linux/if_flow.h | 6 + include/linux/if_flow_hairpin.h | 6 + include/uapi/linux/if_flow_hairpin.h | 159 ++++ net/core/flow_table.c | 10 +- 7 files changed, 1707 insertions(+), 4 deletions(-) create mode 100644 drivers/net/unft.c create mode 100644 include/linux/if_flow_hairpin.h create mode 100644 include/uapi/linux/if_flow_hairpin.h -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists