| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jul 2019 15:32:10 -0700
From: Stanislav Fomichev <sdf@...ichev.me>
To: Song Liu <liu.song.a23@...il.com>
Cc: Stanislav Fomichev <sdf@...gle.com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
"David S . Miller" <davem@...emloft.net>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Willem de Bruijn <willemb@...gle.com>,
Petar Penkov <ppenkov@...gle.com>
Subject: Re: [PATCH bpf-next 1/7] bpf/flow_dissector: pass input flags to BPF
flow dissector program
On 07/24, Song Liu wrote:
> On Wed, Jul 24, 2019 at 10:11 AM Stanislav Fomichev <sdf@...gle.com> wrote:
> >
> > C flow dissector supports input flags that tell it to customize parsing
> > by either stopping early or trying to parse as deep as possible. Pass
> > those flags to the BPF flow dissector so it can make the same
> > decisions. In the next commits I'll add support for those flags to
> > our reference bpf_flow.c
> >
> > Cc: Willem de Bruijn <willemb@...gle.com>
> > Cc: Petar Penkov <ppenkov@...gle.com>
> > Signed-off-by: Stanislav Fomichev <sdf@...gle.com>
> > ---
> > include/linux/skbuff.h | 2 +-
> > include/net/flow_dissector.h | 4 ----
> > include/uapi/linux/bpf.h | 5 +++++
> > net/bpf/test_run.c | 2 +-
> > net/core/flow_dissector.c | 5 +++--
> > 5 files changed, 10 insertions(+), 8 deletions(-)
> >
> > diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> > index 718742b1c505..9b7a8038beec 100644
> > --- a/include/linux/skbuff.h
> > +++ b/include/linux/skbuff.h
> > @@ -1271,7 +1271,7 @@ static inline int skb_flow_dissector_bpf_prog_detach(const union bpf_attr *attr)
> >
> > struct bpf_flow_dissector;
> > bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
> > - __be16 proto, int nhoff, int hlen);
> > + __be16 proto, int nhoff, int hlen, unsigned int flags);
> >
> > bool __skb_flow_dissect(const struct net *net,
> > const struct sk_buff *skb,
> > diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
> > index 90bd210be060..3e2642587b76 100644
> > --- a/include/net/flow_dissector.h
> > +++ b/include/net/flow_dissector.h
> > @@ -253,10 +253,6 @@ enum flow_dissector_key_id {
> > FLOW_DISSECTOR_KEY_MAX,
> > };
> >
> > -#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
> > -#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
> > -#define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
> > -
> > struct flow_dissector_key {
> > enum flow_dissector_key_id key_id;
> > size_t offset; /* offset of struct flow_dissector_key_*
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index fa1c753dcdbc..b4ad19bd6aa8 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -3507,6 +3507,10 @@ enum bpf_task_fd_type {
> > BPF_FD_TYPE_URETPROBE, /* filename + offset */
> > };
> >
> > +#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG (1U << 0)
> > +#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL (1U << 1)
> > +#define FLOW_DISSECTOR_F_STOP_AT_ENCAP (1U << 2)
>
> Do we have to move these?
These have to be a part of UAPI one way or another. The easiest thing
we can do is to call the existing flags a UAPI and move them into
exported headers. Alternatively, we can introduce new set of UAPI flags
and do some kind of conversion between exported and internal ones.
Since it's pretty easy to add/deprecate them (see cover letter), I've
decided to just move them instead of adding another set and doing
conversion. I'm open to suggestions if you think otherwise.
Powered by blists - more mailing lists