| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Aug 2018 15:44:19 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: vincent.whitchurch@...s.com
Cc: David Miller <davem@...emloft.net>,
Network Development <netdev@...r.kernel.org>,
Willem de Bruijn <willemb@...gle.com>, rabinv@...s.com
Subject: Re: [PATCH net-next] packet: add sockopt to ignore outgoing packets
On Thu, Aug 30, 2018 at 6:12 AM Vincent Whitchurch
<vincent.whitchurch@...s.com> wrote:
>
> Currently, the only way to ignore outgoing packets on a packet socket is
> via the BPF filter. With MSG_ZEROCOPY, packets that are looped into
> AF_PACKET are copied in dev_queue_xmit_nit(), and this copy happens even
> if the filter run from packet_rcv() would reject them. So the presence
> of a packet socket on the interface takes away the benefits of
> MSG_ZEROCOPY, even if the packet socket is not interested in outgoing
> packets. (Even when MSG_ZEROCOPY is not used, the skb is unnecessarily
> cloned, but the cost for that is much lower.)
>
> Add a socket option to allow AF_PACKET sockets to ignore outgoing
> packets to solve this. Note that the *BSDs already have something
> similar: BIOCSSEESENT/BIOCSDIRECTION and BIOCSDIRFILT.
>
> The first intended user is lldpd.
Clear description of the use case, thanks. I don't see a simple alternative
to introducing a new socket option, either (a new ETH_P_xx protocol
wildcard different from ETH_P_ALL, perhaps).
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@...s.com>
> ---
> include/linux/netdevice.h | 1 +
> include/uapi/linux/if_packet.h | 1 +
> net/core/dev.c | 3 +++
> net/packet/af_packet.c | 15 +++++++++++++++
> 4 files changed, 20 insertions(+)
>
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index ca5ab98053c8..8ef14d9edc58 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -2317,6 +2317,7 @@ static inline struct sk_buff *call_gro_receive_sk(gro_receive_sk_t cb,
>
> struct packet_type {
> __be16 type; /* This is really htons(ether_type). */
> + bool ignore_outgoing;
> struct net_device *dev; /* NULL is wildcarded here */
> int (*func) (struct sk_buff *,
> struct net_device *,
> diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h
> index 67b61d91d89b..467b654bd4c7 100644
> --- a/include/uapi/linux/if_packet.h
> +++ b/include/uapi/linux/if_packet.h
> @@ -57,6 +57,7 @@ struct sockaddr_ll {
> #define PACKET_QDISC_BYPASS 20
> #define PACKET_ROLLOVER_STATS 21
> #define PACKET_FANOUT_DATA 22
> +#define PACKET_IGNORE_OUTGOING 23
>
> #define PACKET_FANOUT_HASH 0
> #define PACKET_FANOUT_LB 1
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 325fc5088370..0addb4f0abfe 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -1947,6 +1947,9 @@ static inline bool skb_loop_sk(struct packet_type *ptype, struct sk_buff *skb)
> if (!ptype->af_packet_priv || !skb->sk)
> return false;
>
> + if (ptype->ignore_outgoing)
> + return true;
> +
This probably does not belong in skb_loop_sk, but in
dev_queue_xmit_nit directly.
> if (ptype->id_match)
> return ptype->id_match(ptype, skb->sk);
> else if ((struct sock *)ptype->af_packet_priv == skb->sk)
Powered by blists - more mailing lists