lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2020 08:57:29 -0700 From: Eric Dumazet <edumazet@...gle.com> To: Martin KaFai Lau <kafai@...com> Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, kernel-team <kernel-team@...com>, Lawrence Brakmo <brakmo@...com>, Neal Cardwell <ncardwell@...gle.com>, netdev <netdev@...r.kernel.org>, Yuchung Cheng <ycheng@...gle.com> Subject: Re: [PATCH v3 bpf-next 1/9] tcp: Use a struct to represent a saved_syn On Thu, Jul 30, 2020 at 1:57 PM Martin KaFai Lau <kafai@...com> wrote: > > The TCP_SAVE_SYN has both the network header and tcp header. > The total length of the saved syn packet is currently stored in > the first 4 bytes (u32) of an array and the actual packet data is > stored after that. > > A latter patch will add a bpf helper that allows to get the tcp header s/latter/later/ > alone from the saved syn without the network header. It will be more > convenient to have a direct offset to a specific header instead of > re-parsing it. This requires to separately store the network hdrlen. > The total header length (i.e. network + tcp) is still needed for the > current usage in getsockopt. Although this total length can be obtained > by looking into the tcphdr and then get the (th->doff << 2), this patch > chooses to directly store the tcp hdrlen in the second four bytes of > this newly created "struct saved_syn". By using a new struct, it can > give a readable name to each individual header length. > > Signed-off-by: Martin KaFai Lau <kafai@...com> > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > index a018bafd7bdf..6c38ca9de17e 100644 > --- a/net/ipv4/tcp_input.c > +++ b/net/ipv4/tcp_input.c > @@ -6598,13 +6598,14 @@ static void tcp_reqsk_record_syn(const struct sock *sk, > { > if (tcp_sk(sk)->save_syn) { > u32 len = skb_network_header_len(skb) + tcp_hdrlen(skb); > - u32 *copy; > - > - copy = kmalloc(len + sizeof(u32), GFP_ATOMIC); > - if (copy) { > - copy[0] = len; > - memcpy(©[1], skb_network_header(skb), len); > - req->saved_syn = copy; > + struct saved_syn *saved_syn; > + > + saved_syn = kmalloc(len + sizeof(*saved_syn), GFP_ATOMIC); Please use saved_syn = kmalloc(struct_size(saved_syn, data, len), GFP_ATOMIC) This will avoid yet another trivial patch in the future. > + if (saved_syn) { > + saved_syn->network_hdrlen = skb_network_header_len(skb); > + saved_syn->tcp_hdrlen = tcp_hdrlen(skb); > + memcpy(saved_syn->data, skb_network_header(skb), len); > + req->saved_syn = saved_syn; > } > } > } > -- > 2.24.1 >
Powered by blists - more mailing lists