Date:   Thu, 15 Sep 2016 14:19:14 -0700
From:   Tom Herbert <tom@...bertland.com>
To:     <davem@...emloft.net>, <netdev@...r.kernel.org>
CC:     <kernel-team@...com>, <roopa@...ulusnetworks.com>, <tgraf@...g.ch>
Subject: [PATCH v2 net-next 0/7] net: ILA resolver and generic resolver backend

This patch set implements an ILA host side resolver. This uses LWT to
implement the hook to a userspace resolver and tracks pending unresolved
addresses using the backend net resolver.

This patch set contains:

- A new library function to allocate an array of spinlocks for use
  with locking hash buckets.
- Make hash function in rhashtable directly callable.
- A generic resolver backend infrastructure. This primarily does two
  things: track unresolved addresses and implement a timeout for
  resolution not happening. These mechanisms provide rate limiting
  control over resolution requests (for instance in ILA it is used
  to rate limit requests to userspace to resolve addresses).
- The ILA resolver. This implements the path from the kernel ILA
  implementation to a userspace daemon that an identifier address
  needs to be resolved.
- Routing messages are used over netlink to indicate resolution
  requests.

Changes from initial RFC:

 - Added net argument to LWT build_state
 - Made resolve timeout an attribute of the LWT encap route
 - Changed ILA notifications to be regular routing messages of event
   RTM_ADDR_RESOLVE, family RTNL_FAMILY_ILA, and group
   RTNLGRP_ILA_NOTIFY

Tested:
 - Ran a UDP flood to random addresses in a resolver prefix. Observed
   timeout and limits were working (watching "ip monitor").
 - Also ran against an ILA client daemon that runs the resolver
   protocol. Observed that when resolution completes (ILA encap route is
   installed) routing messages are no longer sent.

v2:
 - Fixed function prototype issue found by kbuild
 - Fix incorrect interpretation of return code from
   net_rslv_lookup_and_create

Tom Herbert (7):
  lwt: Add net to build_state argument
  spinlock: Add library function to allocate spinlock buckets array
  rhashtable: Call library function alloc_bucket_locks
  ila: Call library function alloc_bucket_locks
  rhashtable: abstract out function to get hash
  net: Generic resolver backend
  ila: Resolver mechanism

 include/linux/rhashtable.h     |  28 +++--
 include/linux/spinlock.h       |   6 +
 include/net/lwtunnel.h         |  14 +--
 include/net/resolver.h         |  58 +++++++++
 include/uapi/linux/ila.h       |   9 ++
 include/uapi/linux/lwtunnel.h  |   1 +
 include/uapi/linux/rtnetlink.h |   8 +-
 lib/Makefile                   |   2 +-
 lib/bucket_locks.c             |  63 ++++++++++
 lib/rhashtable.c               |  46 +------
 net/Kconfig                    |   4 +
 net/core/Makefile              |   1 +
 net/core/lwtunnel.c            |  11 +-
 net/core/resolver.c            | 272 +++++++++++++++++++++++++++++++++++++++++
 net/ipv4/fib_semantics.c       |   7 +-
 net/ipv4/ip_tunnel_core.c      |  12 +-
 net/ipv6/Kconfig               |   1 +
 net/ipv6/ila/Makefile          |   2 +-
 net/ipv6/ila/ila.h             |  16 +++
 net/ipv6/ila/ila_common.c      |   7 ++
 net/ipv6/ila/ila_lwt.c         |  15 ++-
 net/ipv6/ila/ila_resolver.c    | 249 +++++++++++++++++++++++++++++++++++++
 net/ipv6/ila/ila_xlat.c        |  51 ++------
 net/ipv6/route.c               |   2 +-
 net/mpls/mpls_iptunnel.c       |   6 +-
 25 files changed, 770 insertions(+), 121 deletions(-)
 create mode 100644 include/net/resolver.h
 create mode 100644 lib/bucket_locks.c
 create mode 100644 net/core/resolver.c
 create mode 100644 net/ipv6/ila/ila_resolver.c

-- 
2.8.0.rc2
