| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 01 May 2018 10:20:36 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: dsahern@...il.com
Cc: netdev@...r.kernel.org, borkmann@...earbox.net, ast@...nel.org,
shm@...ulusnetworks.com, roopa@...ulusnetworks.com,
brouer@...hat.com, toke@...e.dk, john.fastabend@...il.com
Subject: Re: [RFC v2 bpf-next 0/9] bpf: Add helper to do FIB lookups
From: David Ahern <dsahern@...il.com>
Date: Sun, 29 Apr 2018 11:07:43 -0700
> Provide a helper for doing a FIB and neighbor lookups in the kernel
> tables from an XDP program. The helper provides a fastpath for forwarding
> packets. If the packet is a local delivery or for any reason is not a
> simple lookup and forward, the packet is expected to continue up the stack
> for full processing.
>
> Patches 1-6 do some more refactoring to IPv6 with the end goal of
> extracting a FIB lookup function that aligns with fib_lookup for IPv4,
> basically returning a fib6_info without creating a dst based entry.
>
> Patch 7 adds lookup functions to the ipv6 stub. These are needed since
> bpf is built into the kernel and ipv6 may not be built or loaded.
>
> Patch 8 adds the bpf helper and 9 adds a sample program.
>
> v2
> - fixed use of foward helper from cls_act as noted by Daniel
> - in patch 1 rename fib6_lookup_1 as well for consistency
I've reviewed this and generally I agree with the semantic choices
wrt. resolution.
We really can't do neigh resolution without an SKB, so at least in
the xdp case we must push the packet up into the full stack path.
I guess we could do the neigh resolve in the cls_bpf case, but I
wonder how helpful that would be.
Powered by blists - more mailing lists