lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Jan 2020 19:07:43 +0100
From:   Jakub Sitnicki <jakub@...udflare.com>
To:     Lorenz Bauer <lmb@...udflare.com>
Cc:     bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        kernel-team <kernel-team@...udflare.com>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        John Fastabend <john.fastabend@...il.com>,
        Martin Lau <kafai@...com>
Subject: Re: [PATCH bpf-next v3 06/12] bpf, sockmap: Don't set up sockmap progs for listening sockets

On Wed, Jan 22, 2020 at 05:24 PM CET, Lorenz Bauer wrote:
> On Wed, 22 Jan 2020 at 13:06, Jakub Sitnicki <jakub@...udflare.com> wrote:
>> @@ -352,7 +376,15 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx,
>>         if (!link)
>>                 return -ENOMEM;
>>
>> -       ret = sock_map_link(map, &stab->progs, sk);
>> +       /* Only established or almost established sockets leaving
>> +        * SYN_RECV state need to hold refs to parser/verdict progs
>> +        * and have their sk_data_ready and sk_write_space callbacks
>> +        * overridden.
>> +        */
>> +       if (sk->sk_state == TCP_LISTEN)
>> +               ret = sock_map_link_no_progs(map, sk);
>> +       else
>> +               ret = sock_map_link(map, &stab->progs, sk);
>
> Could you use sock_map_redirect_okay from the previous patch here
> instead of checking for TCP_LISTEN?

Makes sense. Queuing it for next iteration if more things pile up.

To give the rest of reviewers some context - Lorenz started looking at
adding bare-bones support for UDP to sockmap. Bare-bones meaning that
UDP sockets could be inserted/deleted into/from sockmap, but not spliced
with sockmap.

Being consistent about how we check if a socket can be used for splicing
will make extending it for UDP easier.

Thanks,
-jkbs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ