lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 7 Feb 2019 15:20:42 +0100
From:   Jesper Dangaard Brouer <brouer@...hat.com>
To:     Peter Oskolkov <posk@...gle.com>
Cc:     brouer@...hat.com, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        Peter Oskolkov <posk@...k.io>, David Ahern <dsahern@...il.com>,
        Willem de Bruijn <willemb@...gle.com>
Subject: Re: [PATCH bpf-next v7 1/6] bpf: add plumbing for BPF_LWT_ENCAP_IP
 in bpf_lwt_push_encap

On Wed,  6 Feb 2019 16:37:15 -0800
Peter Oskolkov <posk@...gle.com> wrote:

> This patch adds all needed plumbing in preparation to allowing
> bpf programs to do IP encapping via bpf_lwt_push_encap. Actual
> implementation is added in the next patch in the patchset.
> 
> Of note:
> - bpf_lwt_push_encap can now be called from BPF_PROG_TYPE_LWT_XMIT
>   prog types in addition to BPF_PROG_TYPE_LWT_IN;
> - if the skb being encapped has GSO set, encapsulation is limited
>   to IPIP/IP+GRE/IP+GUE (both IPv4 and IPv6);
> - as route lookups are different for ingress vs egress, the single
>   external bpf_lwt_push_encap BPF helper is routed internally to
>   either bpf_lwt_in_push_encap or bpf_lwt_xmit_push_encap BPF_CALLs,
>   depending on prog type.
> 
> Signed-off-by: Peter Oskolkov <posk@...gle.com>
> ---
>  include/uapi/linux/bpf.h | 26 +++++++++++++++++++++--
>  net/core/filter.c        | 46 +++++++++++++++++++++++++++++++++++-----
>  2 files changed, 65 insertions(+), 7 deletions(-)
> 
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 1777fa0c61e4..138089ff24cf 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -2016,6 +2016,19 @@ union bpf_attr {
>   *			Only works if *skb* contains an IPv6 packet. Insert a
>   *			Segment Routing Header (**struct ipv6_sr_hdr**) inside
>   *			the IPv6 header.
> + *		**BPF_LWT_ENCAP_IP**
> + *			IP encapsulation (GRE/GUE/IPIP/etc). The outer header
> + *			must be IPv4 or IPv6, followed by zero or more
> + *			additional headers, up to LWT_BPF_MAX_HEADROOM total
> + *			bytes in all prepended headers. PLease note that
                                                        ^^
Trivial typo PLease

> + *			if skb_is_gso(skb) is true, no more than two headers
> + *			can be prepended, and the inner header, if present,
> + *			should be either GRE or UDP/GUE.
> +

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ