Message-ID: <CAF=yD-LDLZdpTttZzrOZqdGpo2AXGgHNkH5NTSO+TitrggOw-Q@mail.gmail.com>
Date: Thu, 30 Aug 2018 15:44:19 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: vincent.whitchurch@...s.com
Cc: David Miller <davem@...emloft.net>, Network Development <netdev@...r.kernel.org>, Willem de Bruijn <willemb@...gle.com>, rabinv@...s.com
Subject: Re: [PATCH net-next] packet: add sockopt to ignore outgoing packets

On Thu, Aug 30, 2018 at 6:12 AM Vincent Whitchurch <vincent.whitchurch@...s.com> wrote:
>
> Currently, the only way to ignore outgoing packets on a packet socket is
> via the BPF filter. With MSG_ZEROCOPY, packets that are looped into
> AF_PACKET are copied in dev_queue_xmit_nit(), and this copy happens even
> if the filter run from packet_rcv() would reject them. So the presence
> of a packet socket on the interface takes away the benefits of
> MSG_ZEROCOPY, even if the packet socket is not interested in outgoing
> packets. (Even when MSG_ZEROCOPY is not used, the skb is unnecessarily
> cloned, but the cost for that is much lower.)
>
> Add a socket option to allow AF_PACKET sockets to ignore outgoing
> packets to solve this. Note that the *BSDs already have something
> similar: BIOCSSEESENT/BIOCSDIRECTION and BIOCSDIRFILT.
>
> The first intended user is lldpd.

Clear description of the use case, thanks. I don't see a simple alternative to introducing a new socket option, either (a new ETH_P_xx protocol wildcard different from ETH_P_ALL, perhaps).

> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@...s.com>
> ---
> include/linux/netdevice.h | 1 +
> include/uapi/linux/if_packet.h | 1 +
> net/core/dev.c | 3 +++
> net/packet/af_packet.c | 15 +++++++++++++++
> 4 files changed, 20 insertions(+)
>
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h > index ca5ab98053c8..8ef14d9edc58 100644 > --- a/include/linux/netdevice.h > +++ b/include/linux/netdevice.h
> @@ -2317,6 +2317,7 @@ static inline struct sk_buff *call_gro_receive_sk(gro_receive_sk_t cb, > > struct packet_type { > __be16 type; /* This is really htons(ether_type). */ > + bool ignore_outgoing; > struct net_device *dev; /* NULL is wildcarded here */ > int (*func) (struct sk_buff *, > struct net_device *, > diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h > index 67b61d91d89b..467b654bd4c7 100644 > --- a/include/uapi/linux/if_packet.h > +++ b/include/uapi/linux/if_packet.h > @@ -57,6 +57,7 @@ struct sockaddr_ll { > #define PACKET_QDISC_BYPASS 20 > #define PACKET_ROLLOVER_STATS 21 > #define PACKET_FANOUT_DATA 22 > +#define PACKET_IGNORE_OUTGOING 23 > > #define PACKET_FANOUT_HASH 0 > #define PACKET_FANOUT_LB 1 > diff --git a/net/core/dev.c b/net/core/dev.c > index 325fc5088370..0addb4f0abfe 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -1947,6 +1947,9 @@ static inline bool skb_loop_sk(struct packet_type *ptype, struct sk_buff *skb) > if (!ptype->af_packet_priv || !skb->sk) > return false; > > + if (ptype->ignore_outgoing) > + return true; > + This probably does not belong in skb_loop_sk, but in dev_queue_xmit_nit directly. > if (ptype->id_match) > return ptype->id_match(ptype, skb->sk); > else if ((struct sock *)ptype->af_packet_priv == skb->sk)
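
Review bot: in the include/linux/netdevice.h hunk, the new `bool ignore_outgoing;` member of struct packet_type carries no comment, while the members on either side of it (`type` and `dev`) each have one. A one-line comment saying that a handler with this flag set is skipped for transmitted packets would tell other packet_type users what the field means and who is expected to set it.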
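
Review bot: `#define PACKET_IGNORE_OUTGOING 23` in the include/uapi/linux/if_packet.h hunk adds user-visible ABI, yet the diffstat lists only four code files and no documentation. The commit message should state what optval the option expects (type and accepted values) and whether it can be read back with getsockopt, and a packet(7) update should accompany the change.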
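
Review bot: in the net/core/dev.c hunk, the `if (ptype->ignore_outgoing) return true;` test sits after the existing `if (!ptype->af_packet_priv || !skb->sk) return false;`, so a transmitted skb with no owning socket returns false before the flag is looked at and is still handed to a socket that asked to ignore outgoing packets. Move the test ahead of that early return or, as the reply suggests, into dev_queue_xmit_nit itself, so that it applies to every outgoing packet regardless of skb->sk.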