| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Feb 2020 09:15:38 +0000
From: Lingpeng Chen <forrest0579@...il.com>
To: bpf <bpf@...r.kernel.org>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
John Fastabend <john.fastabend@...il.com>,
"David S . Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
Petar Penkov <ppenkov.kernel@...il.com>,
Lingpeng Chen <forrest0579@...il.com>
Subject: [PATCH v2 bpf-next 0/3] bpf: Add sock_ops_get_netns helpers
Currently 5-tuple(sip+dip+sport+dport+proto) can't identify a
uniq connection because there may be multi net namespace.
For example, there may be a chance that netns a and netns b all
listen on 127.0.0.1:8080 and the client with same port 40782
connect to them. Without netns number, sock ops program
can't distinguish them.
Using bpf_sock_ops_get_netns helpers to get current connection
netns number to distinguish connections.
Changes in v2:
- Return u64 instead of u32 for sock_ops_get_netns
- Fix build bug when CONFIG_NET_NS not set
- Add selftest for sock_ops_get_netns
Lingpeng Chen (3):
bpf: Add sock ops get netns helpers
bpf: Sync uapi bpf.h to tools/
selftests/bpf: add selftest for sock_ops_get_netns helper
include/uapi/linux/bpf.h | 8 +++-
net/core/filter.c | 19 ++++++++
tools/include/uapi/linux/bpf.h | 8 +++-
.../selftests/bpf/progs/test_tcpbpf_kern.c | 11 +++++
.../testing/selftests/bpf/test_tcpbpf_user.c | 46 ++++++++++++++++++-
5 files changed, 89 insertions(+), 3 deletions(-)
base-commit bb6d3fb354c5 ("Linux 5.6-rc1")
--
2.20.1
Powered by blists - more mailing lists