lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CALOAHbDVK2LVQd5hQp4_CfSQy1Eqt3p0AYuzp1ELzXC-mO5owQ@mail.gmail.com>
Date:   Tue, 5 Feb 2019 23:47:31 +0800
From:   Yafang Shao <laoar.shao@...il.com>
To:     Daniel Borkmann <daniel@...earbox.net>
Cc:     Alexei Starovoitov <alexei.starovoitov@...il.com>, kafai@...com,
        brakmo@...com, ast@...nel.org, netdev <netdev@...r.kernel.org>,
        shaoyafang@...iglobal.com
Subject: Re: [PATCH bpf-next] bpf: support SO_DEBUG in bpf_setsockopt()

On Tue, Feb 5, 2019 at 4:23 AM Daniel Borkmann <daniel@...earbox.net> wrote:
>
> On 02/04/2019 06:35 PM, Alexei Starovoitov wrote:
> > On Sun, Feb 03, 2019 at 04:15:07PM +0800, Yafang Shao wrote:
> >> Then we can enable/disable socket debugging without modifying user code.
> >> That is more convenient for debugging.
> >>
> >> Signed-off-by: Yafang Shao <laoar.shao@...il.com>
> >> ---
> >>  include/net/sock.h | 8 ++++++++
> >>  net/core/filter.c  | 3 +++
> >>  net/core/sock.c    | 8 --------
> >>  3 files changed, 11 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/include/net/sock.h b/include/net/sock.h
> >> index 2b229f7..8decee9 100644
> >> --- a/include/net/sock.h
> >> +++ b/include/net/sock.h
> >> @@ -1935,6 +1935,14 @@ static inline void sock_confirm_neigh(struct sk_buff *skb, struct neighbour *n)
> >>      }
> >>  }
> >>
> >> +static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
> >> +{
> >> +    if (valbool)
> >> +            sock_set_flag(sk, bit);
> >> +    else
> >> +            sock_reset_flag(sk, bit);
> >> +}
> >> +
> >>  bool sk_mc_loop(struct sock *sk);
> >>
> >>  static inline bool sk_can_gso(const struct sock *sk)
> >> diff --git a/net/core/filter.c b/net/core/filter.c
> >> index 3a49f68..ce5da57 100644
> >> --- a/net/core/filter.c
> >> +++ b/net/core/filter.c
> >> @@ -4111,6 +4111,9 @@ static unsigned long bpf_xdp_copy(void *dst_buff, const void *src_buff,
> >>
> >>              /* Only some socketops are supported */
> >>              switch (optname) {
> >> +            case SO_DEBUG:
> >> +                    sock_valbool_flag(sk, SOCK_DBG, val);
> >> +                    break;
> >
> > I'm missing the point here.
> > This flag has any effect only when SOCK_DEBUGGING is set.
> > But it is off in distros.
> > Since it's for custom debug kernel only why bother with
> > setting the flag via bpf prog?
>
> +1, this seems like some ancient debugging interface. Back at last netconf
> there was a proposal [0] to have a tcp_stats(sk, TCP_MIB_...) API for MIBs
> counter such that this can be traced via BPF on a per socket basis, for
> example. Might be worthwhile to work into that direction instead and potentially
> get rid of the SOCK_DEBUG() statements and convert (where appropriate) to
> such an interface. Thoughts?
>
>   [0] page 14, http://vger.kernel.org/netconf2018_files/BrendanGregg_netconf2018.pdf

This proposal seems like a better solution.
I will think about it.
Thanks for your suggestion.

Thanks
Yafang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ