Message-Id: <20181016015651.22696-1-dsahern@kernel.org>
Date:   Mon, 15 Oct 2018 18:56:40 -0700
From:   David Ahern <dsahern@...nel.org>
To:     netdev@...r.kernel.org, davem@...emloft.net
Cc:     David Ahern <dsahern@...il.com>
Subject: [PATCH v2 net-next 00/11] net: Kernel side filtering for route dumps

From: David Ahern <dsahern@...il.com>

Implement kernel side filtering of route dumps by protocol (e.g., which
routing daemon installed the route), route type (e.g., unicast), table
id and nexthop device.

iproute2 has been doing this filtering in userspace for years; pushing
the filters to the kernel side reduces the amount of data the kernel
sends and reduces wasted cycles on both sides processing unwanted data.
These initial options provide a huge improvement for efficiently
examining routes on large scale systems.

v2
- better handling of requests for a specific table. Rather than walking
  the hash of all tables, look up the specific table and dump it
- refactor mr_rtm_dumproute moving the loop over the table into a
  helper that can be invoked directly
- add hook to return NLM_F_DUMP_FILTERED in DONE message to ensure
  it is returned even when the dump returns nothing

David Ahern (11):
  netlink: Add answer_flags to netlink_callback
  net: Add struct for fib dump filter
  net/ipv4: Plumb support for filtering route dumps
  net/ipv6: Plumb support for filtering route dumps
  net/mpls: Plumb support for filtering route dumps
  ipmr: Refactor mr_rtm_dumproute
  net: Plumb support for filtering ipv4 and ipv6 multicast route dumps
  net: Enable kernel side filtering of route dumps
  net/mpls: Handle kernel side filtering of route dumps
  net/ipv6: Bail early if user only wants cloned entries
  net/ipv4: Bail early if user only wants prefix entries

 include/linux/mroute_base.h |  11 +++-
 include/linux/netlink.h     |   1 +
 include/net/ip6_route.h     |   1 +
 include/net/ip_fib.h        |  17 ++++--
 net/ipv4/fib_frontend.c     |  76 ++++++++++++++++++++++----
 net/ipv4/fib_trie.c         |  37 +++++++++----
 net/ipv4/ipmr.c             |  22 ++++++--
 net/ipv4/ipmr_base.c        | 126 ++++++++++++++++++++++++++++++++------------
 net/ipv6/ip6_fib.c          |  34 +++++++++---
 net/ipv6/ip6mr.c            |  21 ++++++--
 net/ipv6/route.c            |  40 +++++++++++---
 net/mpls/af_mpls.c          |  92 +++++++++++++++++++++++++++-----
 net/netlink/af_netlink.c    |   3 +-
 13 files changed, 386 insertions(+), 95 deletions(-)

-- 
2.11.0
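
The following is an added illustration, not code from this patch series or from iproute2: it builds an RTM_GETROUTE dump request carrying the four filters the cover letter names and checks a reply for NLM_F_DUMP_FILTERED, so a tool knows whether it must still filter in userspace (for example on a kernel without this series). The mapping of the filters onto struct rtmsg fields and the RTA_TABLE/RTA_OIF attributes, and the numeric constants, are taken from the Linux rtnetlink UAPI headers rather than from this message; the function names and the sample reply are constructed for the example.

```python
import struct

# Constants from linux/netlink.h and linux/rtnetlink.h (assumed, not stated in the email)
RTM_GETROUTE, NLMSG_DONE = 26, 3
NLM_F_REQUEST, NLM_F_MULTI, NLM_F_DUMP = 0x01, 0x02, 0x300
NLM_F_DUMP_FILTERED = 0x20
RTA_OIF, RTA_TABLE = 4, 15
NLMSGHDR = struct.Struct("=IHHII")  # len, type, flags, seq, pid
RTMSG = struct.Struct("=8BI")       # family, dst_len, src_len, tos, table,
                                    # protocol, scope, type, flags

def rta_u32(kind, value):
    """One route attribute: struct rtattr header (len, type) plus a u32 payload."""
    return struct.pack("=HHI", 8, kind, value)

def build_dump_request(family, protocol=0, rt_type=0, table=0, oif=0, seq=1):
    """RTM_GETROUTE dump request with the filter fields set; 0 means 'any'."""
    body = RTMSG.pack(family, 0, 0, 0, 0, protocol, 0, rt_type, 0)
    if table:
        body += rta_u32(RTA_TABLE, table)   # u32, so table ids above 255 fit
    if oif:
        body += rta_u32(RTA_OIF, oif)       # nexthop device ifindex
    flags = NLM_F_REQUEST | NLM_F_DUMP
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), RTM_GETROUTE, flags, seq, 0) + body

def kernel_filtered(reply):
    """True if any message in the reply, including DONE, has NLM_F_DUMP_FILTERED."""
    off, filtered = 0, False
    while off + NLMSGHDR.size <= len(reply):
        length, mtype, flags, _seq, _pid = NLMSGHDR.unpack_from(reply, off)
        if length < NLMSGHDR.size or off + length > len(reply):
            raise ValueError("truncated or malformed netlink message")
        filtered = filtered or bool(flags & NLM_F_DUMP_FILTERED)
        if mtype == NLMSG_DONE:
            break
        off += (length + 3) & ~3            # NLMSG_ALIGN
    return filtered

# Constructed sample: an empty dump whose only message is a flagged DONE.
SAMPLE_DONE = NLMSGHDR.pack(20, NLMSG_DONE, NLM_F_MULTI | NLM_F_DUMP_FILTERED, 1, 0) + bytes(4)

if __name__ == "__main__":
    req = build_dump_request(2, protocol=186, table=1000, oif=3)  # AF_INET, RTPROT_BGP
    print(len(req), "byte request; kernel filtered:", kernel_filtered(SAMPLE_DONE))
```

If `kernel_filtered()` returns False, the caller has to apply the same filters to the returned routes itself.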
