Message-ID: <87k18tcgbz.fsf@cloudflare.com>
Date:   Fri, 25 Oct 2019 11:41:36 +0200
From:   Jakub Sitnicki <jakub@...udflare.com>
To:     John Fastabend <john.fastabend@...il.com>
Cc:     bpf@...r.kernel.org, Martin KaFai Lau <kafai@...com>,
        netdev@...r.kernel.org, kernel-team@...udflare.com
Subject: Re: [RFC bpf-next 2/5] bpf, sockmap: Allow inserting listening TCP sockets into SOCKMAP

On Thu, Oct 24, 2019 at 07:06 PM CEST, John Fastabend wrote:
> Jakub Sitnicki wrote:
>> In order for SOCKMAP type to become a generic collection for storing socket
>> references we need to loosen the checks in update callback.
>>
>> Currently SOCKMAP requires the TCP socket to be in established state, which
>> prevents us from using it to keep references to listening sockets.
>>
>> Change the update pre-checks so that it is sufficient for socket to be in a
>> hash table, i.e. have a local address/port, to be inserted.
>>
>> Return -EINVAL if the condition is not met to be consistent with
>> REUSEPORT_SOCKARRAY map type.
>>
>> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
>> ---
>
> We need to also have some tests then to verify redirecting to this listen socket
> does the correct thing. Once it's in the map we can redirect (ingress or egress)
> to it and need to be sure the semantics are sane.

You're right. The redirect BPF helpers that operate on SOCKMAP might be
relying on an assumption that sockets are in established state. I need
to look into that.

Thanks,
Jakub
