| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Oct 2016 11:48:37 -0400 (EDT) From: David Miller <davem@...emloft.net> To: tom@...bertland.com Cc: netdev@...r.kernel.org, kernel-team@...com Subject: Re: [PATCH v2 net-next 0/7] udp: Flow dissection for tunnels From: Tom Herbert <tom@...bertland.com> Date: Mon, 17 Oct 2016 12:41:55 -0700 > Now that we have a means to perform a UDP socket lookup without taking > a reference, it is feasible to have flow dissector crack open UDP > encapsulated packets. Generally, we would expect that the UDP source > port or the flow label in IPv6 would contain enough entropy about > the encapsulated flow. However, there will be cases, such as a static > UDP tunnel with fixed ports, where dissecting the encapsulated packet > is valuable. > > The model is here is similar to that implemented for UDP GRO. A > tunnel implementation (e.g. GUE) may set a flow_dissect function > in the udp_sk. In __skb_flow_dissect a case has been added for > UDP to check if there is a socket with flow_dissect set. If there > is the function is called. The (per tunnel implementation) > function can parse the encapsulation headers and return the > next protocol for __skb_flow_dissect to process and it's position > in nhoff. > > Since performing a UDP lookup on every packet might be expensive > I added a static key check to bypass the lookup if there are no > sockets with flow_dissect set. I should mention that doing the > lookup wasn't particularly a big hit anyway. > > Fou/gue was modified to perform tunnel dissection. This is enabled > on each listener socket via a netlink configuration option. Series applied, thanks Tom.
Powered by blists - more mailing lists