lists.openwall.net
Open Source and information security mailing list archives
 
Date:   Mon, 28 Oct 2019 12:04:05 -0700
From:   John Fastabend <john.fastabend@...il.com>
To:     Jakub Sitnicki <jakub@...udflare.com>, Martin Lau <kafai@...com>
Cc:     "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        John Fastabend <john.fastabend@...il.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "kernel-team@...udflare.com" <kernel-team@...udflare.com>
Subject: Re: [RFC bpf-next 0/5] Extend SOCKMAP to store listening sockets

Jakub Sitnicki wrote:
> On Mon, Oct 28, 2019 at 06:52 AM CET, Martin Lau wrote:
> > On Tue, Oct 22, 2019 at 01:37:25PM +0200, Jakub Sitnicki wrote:
> >> This patch set is a follow up on a suggestion from LPC '19 discussions to
> >> make SOCKMAP (or a new map type derived from it) a generic type for storing
> >> established as well as listening sockets.
> >>
> >> We found ourselves in need of a map type that keeps references to listening
> >> sockets when working on making the socket lookup programmable, aka BPF
> >> inet_lookup [1].  Initially we repurposed REUSEPORT_SOCKARRAY but found it
> >> problematic to extend due to being tightly coupled with reuseport
> >> logic (see slides [2]).
> >> So we've turned our attention to SOCKMAP instead.
> >>
> >> As it turns out the changes needed to make SOCKMAP suitable for storing
> >> listening sockets are self-contained and have use outside of programming
> >> the socket lookup. Hence this patch set.
> >>
> >> With these patches SOCKMAP can be used in SK_REUSEPORT BPF programs as a
> >> drop-in replacement for REUSEPORT_SOCKARRAY for TCP. This can hopefully
> >> lead to code consolidation between the two map types in the future.
> > What is the plan for UDP support in sockmap?
> 
> It's on our road-map because without SOCKMAP support for UDP we won't be
> able to move away from TPROXY [1] and custom SO_BINDTOPREFIX extension
> [2] for steering new UDP flows to receiving sockets. Also we would like
> to look into using SOCKMAP for connected UDP socket splicing in the
> future [3].
> 
> I was planning to split work as follows:
> 
> 1. SOCKMAP support for listening sockets (this series)
> 2. programmable socket lookup for TCP (cut-down version of [4])
> 3. SOCKMAP support for UDP (work not started)
> 4. programmable socket lookup for UDP (rest of [4])
> 
> I'm open to suggestions on how to organize it.

Looks good to me. I've had UDP support on my todo list for a while now
but it hasn't got to the top yet so glad to see this.

Also perhaps not necessary for your work but I have some patches on my
stack I'll try to get out soon to get ktls + receive hooks working.

> 
> >> Having said that, the main intention here is to lay groundwork for using
> >> SOCKMAP in the next iteration of programmable socket lookup patches.
> > What may be the minimal to get only lookup work for UDP sockmap?
> > .close() and .unhash()?
> 
> John would know better. I haven't tried doing it yet.

Right, I don't think it's too complicated; we just need the hooks and then
to be sure the socket state checks are OK. Having listening support should
help with the UDP case.

> 
> From just reading the code - override the two proto ops you mentioned,
> close and unhash, and adapt the socket checks in SOCKMAP.

+1.

> 
> -Jakub
> 
> [1] https://blog.cloudflare.com/how-we-built-spectrum/
> [2] https://lore.kernel.org/netdev/1458699966-3752-1-git-send-email-gilberto.bertin@gmail.com/
> [3] https://lore.kernel.org/bpf/20190828072250.29828-1-jakub@cloudflare.com/
> [4] https://blog.cloudflare.com/sockmap-tcp-splicing-of-the-future/

