lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 19 Feb 2019 11:13:40 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     brakmo <brakmo@...com>
Cc:     netdev <netdev@...r.kernel.org>, Martin Lau <kafai@...com>,
        Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>, edumazet@...gle.com,
        ycheng@...gle.com, ncardwell@...gle.com
Subject: Re: [PATCH bpf-next 0/9] bpf: Network Resource Manager (NRM)

On 02/19/2019 06:38 AM, brakmo wrote:
> Network Resource Manager is a framework for limiting the bandwidth used
> by v2 cgroups. It consists of 4 BPF helpers and a sample BPF program to
> limit egress bandwdith as well as a sample user program and script to
> simplify NRM testing.
> 
> The sample NRM BPF program is not meant to be production quality, it is
> provided as proof of concept. A lot more information, including sample
> runs in some cases, are provided in the commit messages of the individual
> patches.
> 
> Two more BPF programs, one to limit ingress and one that limits egress
> and uses fq's Earliest Departure Time feature, will be provided in an
> upcomming patchset.
> 
> brakmo (9):
>   bpf: Add bpf helper bpf_tcp_enter_cwr
>   bpf: Test bpf_tcp_enter_cwr in test_verifier
>   bpf: add bpf helper bpf_skb_set_ecn
>   bpf: Add bpf helper bpf_tcp_check_probe_timer
>   bpf: sync bpf.h to tools and update bpf_helpers.h
>   bpf: Sample program to load cg skb BPF programs
>   bpf: Sample NRM BPF program to limit egress bw
>   bpf: User program for testing NRM
>   bpf: NRM test script
> 
>  include/linux/bpf.h                         |   1 +
>  include/uapi/linux/bpf.h                    |  27 +-
>  kernel/bpf/verifier.c                       |   4 +
>  net/core/filter.c                           |  70 ++++
>  samples/bpf/Makefile                        |   7 +
>  samples/bpf/do_nrm_test.sh                  | 429 +++++++++++++++++++
>  samples/bpf/load_cg_skb.c                   | 109 +++++
>  samples/bpf/nrm.c                           | 439 ++++++++++++++++++++
>  samples/bpf/nrm.h                           |  31 ++
>  samples/bpf/nrm_kern.h                      | 109 +++++
>  samples/bpf/nrm_out_kern.c                  | 213 ++++++++++
>  tools/include/uapi/linux/bpf.h              |  27 +-
>  tools/testing/selftests/bpf/bpf_helpers.h   |   6 +
>  tools/testing/selftests/bpf/verifier/sock.c |  33 ++
>  14 files changed, 1503 insertions(+), 2 deletions(-)
>  create mode 100755 samples/bpf/do_nrm_test.sh
>  create mode 100644 samples/bpf/load_cg_skb.c
>  create mode 100644 samples/bpf/nrm.c
>  create mode 100644 samples/bpf/nrm.h
>  create mode 100644 samples/bpf/nrm_kern.h
>  create mode 100644 samples/bpf/nrm_out_kern.c

Looks okay to me modulo few minor comments, but lets also Cc TCP maintainers
to given them a chance to comment/ACK helper functions.

Thanks,
Daniel

Powered by blists - more mailing lists