Date:   Mon, 22 Apr 2019 21:15:04 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Stanislav Fomichev <sdf@...gle.com>
Cc:     netdev@...r.kernel.org, bpf@...r.kernel.org, davem@...emloft.net,
        ast@...nel.org, daniel@...earbox.net, simon.horman@...ronome.com,
        willemb@...gle.com, peterpenkov96@...il.com, edumazet@...gle.com
Subject: Re: [PATCH bpf-next v6 0/9] net: flow_dissector: trigger BPF hook
 when called from eth_get_headlen

On Mon, Apr 22, 2019 at 08:55:43AM -0700, Stanislav Fomichev wrote:
> Currently, when eth_get_headlen calls flow dissector, it doesn't pass any
> skb. Because we use passed skb to look up associated networking namespace
> to find whether we have a BPF program attached or not, we always use
> C-based flow dissector in this case.
> 
> The goal of this patch series is to add new networking namespace argument
> to the eth_get_headlen and make BPF flow dissector programs be able to
> work in the skb-less case.
> 
> The series goes like this:
> * use new kernel context (struct bpf_flow_dissector) for flow dissector
>   programs; this makes it easy to distinguish between skb and no-skb
>   case and supports calling BPF flow dissector on a chunk of raw data
> * convert BPF_PROG_TEST_RUN to use raw data
> * plumb network namespace into __skb_flow_dissect from all callers
> * handle no-skb case in __skb_flow_dissect
> * update eth_get_headlen to include net namespace argument and
>   convert all existing users
> * add selftest to make sure bpf_skb_load_bytes is not allowed in
>   the no-skb mode
> * extend test_progs to exercise skb-less flow dissection as well
> * stop adjusting nhoff/thoff by ETH_HLEN in BPF_PROG_TEST_RUN
> 
> v6:
> * more suggestions by Alexei:
>   * eth_get_headlen now takes net dev, not net namespace
>   * test skb-less case via tun eth_get_headlen
> * fix return errors in bpf_flow_load
> * don't adjust nhoff/thoff by ETH_HLEN

All looks good to me.
But I don't trust myself reviewing flow dissector bits :)

Eric and Willem, could you please take a look as well
and hopefully ack it?

Thanks!
