lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 26 Mar 2020 16:39:55 -0700
From:   Joe Stringer <joe@...d.net.nz>
To:     Joe Stringer <joe@...d.net.nz>
Cc:     Martin KaFai Lau <kafai@...com>, Lorenz Bauer <lmb@...udflare.com>,
        bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCHv2 bpf-next 5/5] selftests: bpf: add test for sk_assign

On Wed, Mar 25, 2020 at 11:38 PM Joe Stringer <joe@...d.net.nz> wrote:
>
> On Wed, Mar 25, 2020 at 11:25 PM Martin KaFai Lau <kafai@...com> wrote:
> >
> > On Wed, Mar 25, 2020 at 01:55:59PM -0700, Joe Stringer wrote:
> > > On Wed, Mar 25, 2020 at 3:35 AM Lorenz Bauer <lmb@...udflare.com> wrote:
> > > >
> > > > On Wed, 25 Mar 2020 at 05:58, Joe Stringer <joe@...d.net.nz> wrote:
> > > > >
> > > > > From: Lorenz Bauer <lmb@...udflare.com>
> > > > >
> > > > > Attach a tc direct-action classifier to lo in a fresh network
> > > > > namespace, and rewrite all connection attempts to localhost:4321
> > > > > to localhost:1234 (for port tests) and connections to unreachable
> > > > > IPv4/IPv6 IPs to the local socket (for address tests).
> > > >
> > > > Can you extend this to cover UDP as well?
> > >
> > > I'm working on a follow-up series for UDP, we need this too.
> > Other than selftests, what are the changes for UDP in patch 1 - 4?
>
> Nothing in those patches, I have refactoring of all of the socket
> helpers, skc_lookup_udp() and adding flags to the socket lookup
> functions to support only looking for a certain type of sockets -
> established or listen. This helps to avoid multiple lookups in these
> cases where you really just want to look up established sockets with
> the packet tuple first then look up the listener socket with the
> unrelated/tproxy tuple. For UDP it makes it easier to find the correct
> socket and in general (including TCP) helps to avoid up to two socket
> hashtable lookups for this use case. This part is because the current
> helpers all look up the established socket first then the listener
> socket, so for the first packet that hits these we perform both of
> these lookups for the packet tuple (which finds nothing), then look up
> an established socket for the target tuple (which finds nothing) then
> finally a listen socket for the target tuple. It's about another 300+
> / 250- changes overall, of which a large chunk is one patch that
> refactors the code into macros. I haven't narrowed down for sure
> whether the lookup flags patch is required for UDP cases yet.

FWIW I did some more testing and it was not apparent that
skc_lookup_udp is at all necessary, I was able to roll in UDP support
in the next revision of this series with no special extra patches.

I'll keep working on those other optimizations in the background though.

Powered by blists - more mailing lists