Open Source and information security mailing list archives
 
Date:   Wed, 25 Mar 2020 23:38:23 -0700
From:   Joe Stringer <joe@...d.net.nz>
To:     Martin KaFai Lau <kafai@...com>
Cc:     Joe Stringer <joe@...d.net.nz>, Lorenz Bauer <lmb@...udflare.com>,
        bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCHv2 bpf-next 5/5] selftests: bpf: add test for sk_assign

On Wed, Mar 25, 2020 at 11:25 PM Martin KaFai Lau <kafai@...com> wrote:
>
> On Wed, Mar 25, 2020 at 01:55:59PM -0700, Joe Stringer wrote:
> > On Wed, Mar 25, 2020 at 3:35 AM Lorenz Bauer <lmb@...udflare.com> wrote:
> > >
> > > On Wed, 25 Mar 2020 at 05:58, Joe Stringer <joe@...d.net.nz> wrote:
> > > >
> > > > From: Lorenz Bauer <lmb@...udflare.com>
> > > >
> > > > Attach a tc direct-action classifier to lo in a fresh network
> > > > namespace, and rewrite all connection attempts to localhost:4321
> > > > to localhost:1234 (for port tests) and connections to unreachable
> > > > IPv4/IPv6 IPs to the local socket (for address tests).
> > >
> > > Can you extend this to cover UDP as well?
> >
> > I'm working on a follow-up series for UDP, we need this too.
> Other than selftests, what are the changes for UDP in patch 1 - 4?

Nothing in those patches, I have refactoring of all of the socket
helpers, skc_lookup_udp() and adding flags to the socket lookup
functions to support only looking for a certain type of sockets -
established or listen. This helps to avoid multiple lookups in these
cases where you really just want to look up established sockets with
the packet tuple first then look up the listener socket with the
unrelated/tproxy tuple. For UDP it makes it easier to find the correct
socket and in general (including TCP) helps to avoid up to two socket
hashtable lookups for this use case. This part is because the current
helpers all look up the established socket first then the listener
socket, so for the first packet that hits these we perform both of
these lookups for the packet tuple (which finds nothing), then look up
an established socket for the target tuple (which finds nothing) then
finally a listen socket for the target tuple. It's about another 300+
/ 250- changes overall, of which a large chunk is one patch that
refactors the code into macros. I haven't narrowed down for sure
whether the lookup flags patch is required for UDP cases yet.
