lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BL2PR07MB2306ED437FAFA98CBA49E07F8DA10@BL2PR07MB2306.namprd07.prod.outlook.com>
Date:   Tue, 1 Nov 2016 06:45:47 +0000
From:   "Mintz, Yuval" <Yuval.Mintz@...ium.com>
To:     Tom Herbert <tom@...bertland.com>
CC:     netdev <netdev@...r.kernel.org>
Subject: RE: XDP question - how much can BPF change in xdp_buff?


> > So I've [finally] started looking into implementing XDP for qede, and
> > there's one thing I feel like I'm missing in regard to XDP_TX - what's
> > the guarantee/requirement that the bpf program isn't going to
> > transmute some fields of the rx packet in a way that would prevent the
> > forwarding?
> >
> I think there are really two separate questions you're probably asking. 1) Can
> XDP modify a packet in such a way that it won't be forwarded by the driver when
> XDP_TX is returned, ie. driver would drop packet  2) Does anything prevent the
> BPF program from modifying the packet such that it becomes malformed (bad
> checksum, mangled headers, etc.).
> 
> I believe the answer to #1 is "no", the XDP interface assumes raw packets. If
> program returns XDP_TX then the driver will forward the raw packet without any
> further consideration.
> 
> The answer to #2 is "no", there is no check that packet produced is sensible. We
> assume that the user setting the XDP program knows what they are doing.

O.k., thanks - so I can safely assume forwarding wouldn't require any HW offloading.

BTW, are we considering some offload where the eBPF would return  a set
of changes [based on some pre-set capabilities set by driver] done on buffer
and let the HW offload those?

I understand end goal is eBPF hw-offloading, but seems like there are a lot of
existing offload facilities that might be leveraged.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ