Date:   Thu, 24 Oct 2019 10:06:40 -0700
From:   John Fastabend <john.fastabend@...il.com>
To:     Jakub Sitnicki <jakub@...udflare.com>, bpf@...r.kernel.org
Cc:     John Fastabend <john.fastabend@...il.com>,
        Martin KaFai Lau <kafai@...com>, netdev@...r.kernel.org,
        kernel-team@...udflare.com
Subject: RE: [RFC bpf-next 2/5] bpf, sockmap: Allow inserting listening TCP
 sockets into SOCKMAP

Jakub Sitnicki wrote:
> In order for SOCKMAP type to become a generic collection for storing socket
> references we need to loosen the checks in update callback.
> 
> Currently SOCKMAP requires the TCP socket to be in established state, which
> prevents us from using it to keep references to listening sockets.
> 
> Change the update pre-checks so that it is sufficient for socket to be in a
> hash table, i.e. have a local address/port, to be inserted.
> 
> Return -EINVAL if the condition is not met to be consistent with
> REUSEPORT_SOCKARRAY map type.
> 
> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---

We need to also have some tests then to verify redirecting to this listen socket
does the correct thing. Once it's in the map we can redirect (ingress or egress)
to it and need to be sure the semantics are sane.

>  net/core/sock_map.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/net/core/sock_map.c b/net/core/sock_map.c
> index facacc296e6c..222036393b90 100644
> --- a/net/core/sock_map.c
> +++ b/net/core/sock_map.c
> @@ -415,11 +415,14 @@ static int sock_map_update_elem(struct bpf_map *map, void *key,
>  		ret = -EINVAL;
>  		goto out;
>  	}
> -	if (!sock_map_sk_is_suitable(sk) ||
> -	    sk->sk_state != TCP_ESTABLISHED) {
> +	if (!sock_map_sk_is_suitable(sk)) {
>  		ret = -EOPNOTSUPP;
>  		goto out;
>  	}
> +	if (!sk_hashed(sk)) {
> +		ret = -EINVAL;
> +		goto out;
> +	}
>  
>  	sock_map_sk_acquire(sk);
>  	ret = sock_map_update_common(map, idx, sk, flags);
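
Review bot: the `sk_hashed(sk)` test that replaces `sk->sk_state != TCP_ESTABLISHED` admits any hashed socket regardless of its state, while the commit message only motivates listening sockets, and nothing in the hunk records which states are meant to pass. Consider checking the state explicitly for the cases that are intended, or adding a comment above the new `if` explaining why being hashed is sufficient. The hunk also changes the errno a caller sees: a socket that was rejected with -EOPNOTSUPP for not being established is now either accepted or rejected with -EINVAL, which is a user-visible change that should be documented and covered by the tests requested in the reply above.
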
> -- 
> 2.20.1
> 
