lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 3 Feb 2021 11:22:22 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Linux Kernel Network Developers <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>, duanxiongchun@...edance.com,
        Dongdong Wang <wangdongdong.6@...edance.com>,
        jiang.wang@...edance.com, Cong Wang <cong.wang@...edance.com>
Subject: Re: [Patch bpf-next 00/19] sock_map: add non-TCP and cross-protocol support

On Wed, Feb 3, 2021 at 9:48 AM Alexei Starovoitov
<alexei.starovoitov@...il.com> wrote:
>
> On Tue, Feb 02, 2021 at 08:16:17PM -0800, Cong Wang wrote:
> > From: Cong Wang <cong.wang@...edance.com>
> >
> > Currently sockmap only fully supports TCP, UDP is partially supported
> > as it is only allowed to add into sockmap. This patch extends sockmap
> > with: 1) full UDP support; 2) full AF_UNIX dgram support; 3) cross
> > protocol support. Our goal is to allow socket splice between AF_UNIX
> > dgram and UDP.
>
> Please expand on the use case. The 'splice between af_unix and udp'
> doesn't tell me much. The selftest doesn't help to understand the scope either.

Sure. We have thousands of services connected to a daemon on every host
with UNIX dgram sockets, after they are moved into VM, we have to add a proxy
to forward these communications from VM to host, because rewriting thousands
of them is not practical. This proxy uses a UNIX socket connected to services
and uses a UDP socket to connect to the host. It is inefficient because data is
copied between kernel space and user space twice, and we can not use
splice() which only supports TCP. Therefore, we want to use sockmap to do
the splicing without even going to user-space at all (after the initial setup).

My colleague Jiang (already Cc'ed) is working on the sockmap support for
vsock so that we can move from UDP to vsock for host-VM communications.

If this is useful, I can add it in this cover letter in the next update.

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ