Date:   Wed, 14 Sep 2016 16:22:49 -0700
From:   Tom Herbert <tom@...bertland.com>
To:     <davem@...emloft.net>, <netdev@...r.kernel.org>
CC:     <tgraf@...g.ch>, <roopa@...ulusnetworks.com>, <kernel-team@...com>
Subject: [PATCH net-next 0/7] net: ILA resolver and generic resolver backend

This patch set implements an ILA host side resolver. This uses LWT to
implement the hook to a userspace resolver and tracks pending unresolved
addresses using the backend net resolver.

This patch set contains:

- A new library function to allocate an array of spinlocks for use
  with locking hash buckets.
- Make hash function in rhashtable directly callable.
- A generic resolver backend infrastructure. This primarily does two
  things: track unresolved addresses and implement a timeout for
  resolution not happening. These mechanisms provide rate limiting
  control over resolution requests (for instance in ILA it is used
  to rate limit requests to userspace to resolve addresses).
- The ILA resolver. This implements the path from the kernel ILA
  implementation to a userspace daemon that an identifier address
  needs to be resolved.
- Routing messages are used over netlink to indicate resolution
  requests.

Changes from initial RFC:

 - Added net argument to LWT build_state
 - Made resolve timeout an attribute of the LWT encap route
 - Changed ILA notifications to be regular routing messages of event
   RTM_ADDR_RESOLVE, family RTNL_FAMILY_ILA, and group
   RTNLGRP_ILA_NOTIFY

Tested:
 - Ran a UDP flood to random addresses in a resolver prefix. Observed
   timeout and limits were working (watching "ip monitor").
 - Also ran against an ILA client daemon that runs the resolver
   protocol. Observed that when resolution completes (ILA encap route is
   installed) routing messages are no longer sent.

Tom Herbert (7):
  lwt: Add net to build_state argument
  spinlock: Add library function to allocate spinlock buckets array
  rhashtable: Call library function alloc_bucket_locks
  ila: Call library function alloc_bucket_locks
  rhashtable: abstract out function to get hash
  net: Generic resolver backend
  ila: Resolver mechanism

 include/linux/rhashtable.h     |  28 +++--
 include/linux/spinlock.h       |   6 +
 include/net/lwtunnel.h         |  10 +-
 include/net/resolver.h         |  58 +++++++++
 include/uapi/linux/ila.h       |   9 ++
 include/uapi/linux/lwtunnel.h  |   1 +
 include/uapi/linux/rtnetlink.h |   8 +-
 lib/Makefile                   |   2 +-
 lib/bucket_locks.c             |  63 ++++++++++
 lib/rhashtable.c               |  46 +------
 net/Kconfig                    |   4 +
 net/core/Makefile              |   1 +
 net/core/lwtunnel.c            |  11 +-
 net/core/resolver.c            | 268 +++++++++++++++++++++++++++++++++++++++++
 net/ipv4/fib_semantics.c       |   7 +-
 net/ipv4/ip_tunnel_core.c      |  12 +-
 net/ipv6/Kconfig               |   1 +
 net/ipv6/ila/Makefile          |   2 +-
 net/ipv6/ila/ila.h             |  16 +++
 net/ipv6/ila/ila_common.c      |   7 ++
 net/ipv6/ila/ila_lwt.c         |  15 ++-
 net/ipv6/ila/ila_resolver.c    | 246 +++++++++++++++++++++++++++++++++++++
 net/ipv6/ila/ila_xlat.c        |  51 ++------
 net/ipv6/route.c               |   2 +-
 net/mpls/mpls_iptunnel.c       |   6 +-
 25 files changed, 761 insertions(+), 119 deletions(-)
 create mode 100644 include/net/resolver.h
 create mode 100644 lib/bucket_locks.c
 create mode 100644 net/core/resolver.c
 create mode 100644 net/ipv6/ila/ila_resolver.c

-- 
2.8.0.rc2
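
The cover letter describes the generic resolver backend as tracking unresolved addresses with a timeout so that resolution requests to userspace are rate limited. The following user-space model is an added example, not code from the patch set: it shows how such tracking bounds notifications under a flood like the one in the "Tested" section. All names, the table cap `MAX_PENDING`, the tick-based `TIMEOUT` and the linear table are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PENDING 4   /* assumed cap on tracked unresolved addresses */
#define TIMEOUT     10  /* assumed resolution timeout, in ticks */

struct pending { uint8_t addr[16]; uint64_t expires; int used; };
struct resolver { struct pending tab[MAX_PENDING]; };
enum verdict { NOTIFY, SUPPRESSED, TABLE_FULL };

/* Decide whether a packet to an unresolved address should trigger a
 * resolution request to userspace at time `now` (hypothetical helper). */
enum verdict resolver_lookup(struct resolver *r, const uint8_t addr[16],
                             uint64_t now)
{
    struct pending *slot = NULL;

    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *p = &r->tab[i];
        if (p->used && now >= p->expires)
            p->used = 0;                /* resolution timed out: forget it */
        if (p->used && !memcmp(p->addr, addr, 16))
            return SUPPRESSED;          /* a request is already outstanding */
        if (!p->used && !slot)
            slot = p;                   /* remember first free slot */
    }
    if (!slot)
        return TABLE_FULL;              /* cap reached: send no new request */
    memcpy(slot->addr, addr, 16);
    slot->expires = now + TIMEOUT;
    slot->used = 1;
    return NOTIFY;
}

/* Constructed flood: n packets, one per tick, spread over `distinct`
 * destination addresses. Returns how many requests reached userspace. */
int simulate_flood(int n, int distinct)
{
    struct resolver r;
    int sent = 0;

    memset(&r, 0, sizeof(r));
    for (int t = 0; t < n; t++) {
        uint8_t a[16] = {0x20, 0x01, 0x0d, 0xb8};   /* constructed prefix */
        a[15] = (uint8_t)(t % distinct);
        if (resolver_lookup(&r, a, (uint64_t)t) == NOTIFY)
            sent++;
    }
    return sent;
}
```

In this model the notification rate is bounded by `MAX_PENDING` requests per `TIMEOUT` ticks no matter how many distinct addresses the flood targets, and by one request per `TIMEOUT` for any single address.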
