Date:   Mon, 28 May 2018 00:56:42 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Andrey Ignatov <rdna@...com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, kafai@...com, ast@...nel.org,
        kernel-team@...com
Subject: Re: [PATCH v3 bpf-next 0/5] bpf: Hooks for sys_sendmsg

On 05/25/2018 07:09 AM, Andrey Ignatov wrote:
> v2 -> v3:
> * place BPF logic under static key in udp_sendmsg, udpv6_sendmsg;
> * rebase.
> 
> v1 -> v2:
> * return ENOTSUPP if bpf_prog rewrote IPv6-only with IPv4-mapped IPv6;
> * add test for IPv4-mapped IPv6 use-case;
> * fix build for CONFIG_CGROUP_BPF=n;
> * rebase.
> 
> This patch set adds BPF hooks for sys_sendmsg similar to existing hooks for
> sys_bind and sys_connect.
> 
> Hooks allow overriding source IP (including the case when it's set via
> cmsg(3)) and destination IP:port for unconnected UDP (slow path). TCP and
> connected UDP (fast path) are not affected. This makes UDP support
> complete: connected UDP is handled by sys_connect hooks, unconnected by
> sys_sendmsg ones.
> 
> Similar to sys_connect hooks, sys_sendmsg ones can be used to make system
> calls such as sendmsg(2) and sendto(2) return EPERM.
> 
> Please see patch 0001 for more details.
> 
> 
> Andrey Ignatov (5):
>   bpf: Hooks for sys_sendmsg
>   bpf: Sync bpf.h to tools/
>   libbpf: Support guessing sendmsg{4,6} progs
>   selftests/bpf: Prepare test_sock_addr for extension
>   selftests/bpf: Selftest for sys_sendmsg hooks
> 
>  include/linux/bpf-cgroup.h                   |   23 +-
>  include/linux/filter.h                       |    1 +
>  include/uapi/linux/bpf.h                     |    8 +
>  kernel/bpf/cgroup.c                          |   11 +-
>  kernel/bpf/syscall.c                         |    8 +
>  net/core/filter.c                            |   39 +
>  net/ipv4/udp.c                               |   20 +-
>  net/ipv6/udp.c                               |   24 +
>  tools/include/uapi/linux/bpf.h               |    8 +
>  tools/lib/bpf/libbpf.c                       |    2 +
>  tools/testing/selftests/bpf/Makefile         |    2 +-
>  tools/testing/selftests/bpf/sendmsg4_prog.c  |   49 ++
>  tools/testing/selftests/bpf/sendmsg6_prog.c  |   60 ++
>  tools/testing/selftests/bpf/test_sock_addr.c | 1155 +++++++++++++++++++++-----
>  14 files changed, 1214 insertions(+), 196 deletions(-)
>  create mode 100644 tools/testing/selftests/bpf/sendmsg4_prog.c
>  create mode 100644 tools/testing/selftests/bpf/sendmsg6_prog.c
> 

Applied to bpf-next, thanks Andrey!
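
The following is an added example, not part of this thread and not the patch set's own selftest code: a `cgroup/sendmsg4` program used as an egress policy for unconnected UDP, showing the three behaviours the cover letter describes (destination rewrite, source IP override, and denial with EPERM). The function name, the addresses (RFC 5737 documentation ranges) and the DNS-only policy are assumptions; the `SEC` and byte-order macros are defined locally so the same logic also builds on the host for testing.

```c
#include <linux/bpf.h>   /* struct bpf_sock_addr, incl. msg_src_ip4 */
#include <sys/socket.h>  /* SOCK_DGRAM */

#ifdef __bpf__           /* building with clang -target bpf */
#define SEC(name) __attribute__((section(name), used))
#else                    /* host build: plain function, unit-testable */
#define SEC(name)
#endif

/* Context fields hold addresses and ports in network byte order. */
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define be16(x) __builtin_bswap16(x)
#define be32(x) __builtin_bswap32(x)
#else
#define be16(x) (x)
#define be32(x) (x)
#endif

/* Constructed policy values (assumptions, not from the patch set). */
#define DNS_PORT        53
#define RESOLVER_IP4    0xC0000235u  /* 192.0.2.53: approved resolver   */
#define PINNED_SRC_IP4  0xC000020Au  /* 192.0.2.10: approved source IP  */

/*
 * Runs for sendmsg(2)/sendto(2) on unconnected UDP sockets in the cgroup.
 * Return 1 to let the datagram through, 0 to fail the syscall with EPERM.
 */
SEC("cgroup/sendmsg4")
int udp_egress_policy(struct bpf_sock_addr *ctx)
{
	if (ctx->type != SOCK_DGRAM)
		return 0;

	/* Only DNS may leave this cgroup over unconnected UDP. */
	if (ctx->user_port != be16(DNS_PORT))
		return 0;

	/* Force every DNS datagram to the approved resolver ... */
	ctx->user_ip4 = be32(RESOLVER_IP4);
	/* ... and pin the source address, overriding any cmsg(3) choice. */
	ctx->msg_src_ip4 = be32(PINNED_SRC_IP4);
	return 1;
}
```

Connected UDP sockets do not reach this hook, so an equivalent policy for them belongs in a sys_connect hook, as the cover letter notes.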
