Date:   Tue, 1 Nov 2016 06:45:47 +0000
From:   "Mintz, Yuval" <Yuval.Mintz@...ium.com>
To:     Tom Herbert <tom@...bertland.com>
CC:     netdev <netdev@...r.kernel.org>
Subject: RE: XDP question - how much can BPF change in xdp_buff?


> > So I've [finally] started looking into implementing XDP for qede, and
> > there's one thing I feel like I'm missing in regard to XDP_TX - what's
> > the guarantee/requirement that the bpf program isn't going to
> > transmute some fields of the rx packet in a way that would prevent the
> > forwarding?
> >
> I think there are really two separate questions you're probably asking. 1) Can
> XDP modify a packet in such a way that it won't be forwarded by the driver when
> XDP_TX is returned, i.e. driver would drop packet 2) Does anything prevent the
> BPF program from modifying the packet such that it becomes malformed (bad
> checksum, mangled headers, etc.).
> 
> I believe the answer to #1 is "no", the XDP interface assumes raw packets. If
> program returns XDP_TX then the driver will forward the raw packet without any
> further consideration.
> 
> The answer to #2 is "no", there is no check that packet produced is sensible. We
> assume that the user setting the XDP program knows what they are doing.

O.k., thanks - so I can safely assume forwarding wouldn't require any HW offloading.

BTW, are we considering some offload where the eBPF would return a set
of changes [based on some pre-set capabilities set by driver] done on buffer
and let the HW offload those?

I understand end goal is eBPF hw-offloading, but seems like there are a lot of
existing offload facilities that might be leveraged.
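
Since the thread establishes that neither XDP nor the driver validates a packet returned with XDP_TX, the program that edits a header has to keep it well-formed itself. The following is an added example, not code from the thread or from any driver: a user-space C model of a TTL decrement with the RFC 1624 incremental checksum fix-up, plus a header sanity check suitable for testing such logic. The function names and the sample header are constructed for illustration, and the check assumes an IPv4 header without options.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header, TTL 0x40, checksum 0xb861. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

static uint16_t fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* 1 if version, IHL (no options) and the RFC 1071 checksum are consistent. */
static int ipv4_hdr_ok(const uint8_t *ip, size_t len)
{
    uint32_t sum = 0;
    if (len < 20 || (ip[0] >> 4) != 4 || (ip[0] & 0x0f) != 5)
        return 0;
    for (size_t i = 0; i < 20; i += 2)
        sum += (uint32_t)ip[i] << 8 | ip[i + 1];
    return fold(sum) == 0xffff;
}

/* Decrement TTL and patch the checksum per RFC 1624: HC' = ~(~HC + ~m + m'). */
static int ttl_dec_fixup(uint8_t *ip)
{
    if (ip[8] <= 1)
        return -1;                      /* would expire: caller drops */
    uint16_t m_old = (uint16_t)(ip[8] << 8 | ip[9]);
    ip[8]--;
    uint16_t m_new = (uint16_t)(ip[8] << 8 | ip[9]);
    uint16_t hc = (uint16_t)(ip[10] << 8 | ip[11]);
    hc = (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~m_old + m_new);
    ip[10] = (uint8_t)(hc >> 8); ip[11] = (uint8_t)(hc & 0xff);
    return 0;
}

int main(void)
{
    uint8_t raw[20], fixed[20];
    memcpy(raw, sample_hdr, 20); memcpy(fixed, sample_hdr, 20);
    raw[8]--;                           /* TTL changed, checksum left stale */
    ttl_dec_fixup(fixed);
    printf("stale ok=%d, fixed ok=%d\n", ipv4_hdr_ok(raw, 20), ipv4_hdr_ok(fixed, 20));
    return 0;
}
```

The stale copy is what a receiver would discard as a bad header; nothing on the transmit path in the scenario discussed above would have caught it.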
