lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20161129055014.GA17751@ast-mbp.thefacebook.com>
Date:   Mon, 28 Nov 2016 21:50:16 -0800
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Sargun Dhillon <sargun@...gun.me>
Cc:     netdev <netdev@...r.kernel.org>, Daniel Mack <daniel@...que.org>,
        Alexei Starovoitov <ast@...com>
Subject: Re: [net-next 1/1] samples: bpf: Refactor test_cgrp2_attach -- use
 getopt, and add mode

On Mon, Nov 28, 2016 at 09:42:25PM -0800, Sargun Dhillon wrote:
> On Mon, Nov 28, 2016 at 7:50 PM, Alexei Starovoitov
> <alexei.starovoitov@...il.com> wrote:
> > On Mon, Nov 28, 2016 at 02:52:42PM -0800, Sargun Dhillon wrote:
> >> This patch modifies test_cgrp2_attach to use getopt so we can use standard
> >> command line parsing.
> >>
> >> It also adds an option to run the program in detach only mode. This does
> >> not attach a new filter at the cgroup, but only runs the detach command.
> >>
> >> Lastly, it changes the attach code to not detach and then attach. It relies
> >> on the 'hotswap' behaviour of CGroup BPF programs to be able to change
> >> in-place. If detach-then-attach behaviour needs to be tested, the example
> >> can be run in detach only mode prior to attachment.
> >>
> >> Signed-off-by: Sargun Dhillon <sargun@...gun.me>
> >
> > looks fine to me.
> > I'd really prefer this example to become an automated test eventually.
> I can do that. As far as test cases:
> 
> 1. create /foo
> 2. enter foo
> 3. attach drop filter to foo
> 4. try to ping 127.0.0.1 (make sure it returns 0 replies)
> 5. create /foo/bar
> 6. enter /foo/bar
> 7. try to ping 127.0.0.1 (make sure it returns 0 replies)
> 8. attach passthrough filter to foo/bar
> 9. try to ping 127.0.0.1 (make sure it returns 1 replies)
> 10. Detach filter from foo/bar
> 11. try to ping 127.0.0.1 (make sure it returns 0 replies)
> Reasonable?

awesome. sounds like a plan.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ