lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Aug 2020 17:52:40 -0700 From: Eric Dumazet <edumazet@...gle.com> To: Martin KaFai Lau <kafai@...com> Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, kernel-team <kernel-team@...com>, Lawrence Brakmo <brakmo@...com>, Neal Cardwell <ncardwell@...gle.com>, netdev <netdev@...r.kernel.org>, Yuchung Cheng <ycheng@...gle.com> Subject: Re: [RFC PATCH v4 bpf-next 07/12] bpf: tcp: Add bpf_skops_hdr_opt_len() and bpf_skops_write_hdr_opt() On Mon, Aug 3, 2020 at 4:11 PM Martin KaFai Lau <kafai@...com> wrote: > > The bpf prog needs to parse the SYN header to learn what options have > been sent by the peer's bpf-prog before writing its options into SYNACK. > This patch adds a "syn_skb" arg to tcp_make_synack() and send_synack(). > This syn_skb will eventually be made available (as read-only) to the > bpf prog. > > When writing options, the bpf prog will first be called to tell the > kernel its required number of bytes. It is done by the new > bpf_skops_hdr_opt_len(). The bpf prog will only be called when the new > BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG is set in tp->bpf_sock_ops_cb_flags. > When the bpf prog returns, the kernel will know how many bytes are needed > and then update the "*remaining" arg accordingly. 4 byte alignment will > be included in the "*remaining" before this function returns. The 4 byte > aligned number of bytes will also be stored into the opts->bpf_opt_len. > "bpf_opt_len" is a newly added member to the struct tcp_out_options. > > Then the new bpf_skops_write_hdr_opt() will call the bpf prog to write the > header options. The bpf prog is only called if it has reserved spaces > before (opts->bpf_opt_len > 0). > > The bpf prog is the last one getting a chance to reserve header space > and writing the header option. > > These two functions are half implemented to highlight the changes in > TCP stack. The actual codes preparing the bpf running context and > invoking the bpf prog will be added in the later patch with other > necessary bpf pieces. > > Signed-off-by: Martin KaFai Lau <kafai@...com> > Reviewed-by: Eric Dumazet <edumazet@...gle.com>
Powered by blists - more mailing lists