lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAF=yD-Kdh9f+aRDBdpDk8C6Ap4r281O_kwW=S2x+RH8=R7Mmug@mail.gmail.com>
Date:	Mon, 14 Mar 2016 10:12:17 -0400
From:	Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:	Gilberto Bertin <gilberto.bertin@...il.com>
Cc:	Tom Herbert <tom@...bertland.com>,
	Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [net-next RFC 0/4] SO_BINDTOSUBNET

> - write a bpf filter like this:
..
>
> - compile it:
>         $ clang -target bpf -c -o socket_bpf.o socket_bpf.c
>
> - add this to your server.c:
>         bpf_load_file("/path/to/socket_bpf.o");
>         setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, prog_fd, sizeof(prog_fd[0]));
>
> - link your server with a couple of libbpf libraries (I'm
>  using the kernel ones from samples/bpf) and -lelf
>
> And this is still simplified (since instead of hardcoding the subnet
> into the bpf filter it would be preferable to use maps).
>
>
> thoughts:
> - SO_BINDTOSUBNET is much simpler to configure than BPF
> - BPF requires some external C libraries and I think it would not be
>  trivial to get it working with other languages than C/C++.

You can easily write BPF by hand.

See for instance attach_ebpf() in tools/testing/selftests/net/reuseport_bpf.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ