| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Mar 2021 10:02:02 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: Yonghong Song <yhs@...com>
Cc: Linux Kernel Network Developers <netdev@...r.kernel.org>,
bpf <bpf@...r.kernel.org>, duanxiongchun@...edance.com,
Dongdong Wang <wangdongdong.6@...edance.com>,
Jiang Wang <jiang.wang@...edance.com>,
Cong Wang <cong.wang@...edance.com>,
John Fastabend <john.fastabend@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
Jakub Sitnicki <jakub@...udflare.com>,
Lorenz Bauer <lmb@...udflare.com>
Subject: Re: [Patch bpf-next v2 8/9] sock_map: update sock type checks for UDP
On Tue, Mar 2, 2021 at 10:37 PM Yonghong Song <yhs@...com> wrote:
>
>
>
> On 3/1/21 6:37 PM, Cong Wang wrote:
> > From: Cong Wang <cong.wang@...edance.com>
> >
> > Now UDP supports sockmap and redirection, we can safely update
> > the sock type checks for it accordingly.
> >
> > Cc: John Fastabend <john.fastabend@...il.com>
> > Cc: Daniel Borkmann <daniel@...earbox.net>
> > Cc: Jakub Sitnicki <jakub@...udflare.com>
> > Cc: Lorenz Bauer <lmb@...udflare.com>
> > Signed-off-by: Cong Wang <cong.wang@...edance.com>
> > ---
> > net/core/sock_map.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/core/sock_map.c b/net/core/sock_map.c
> > index 13d2af5bb81c..f7eee4b7b994 100644
> > --- a/net/core/sock_map.c
> > +++ b/net/core/sock_map.c
> > @@ -549,7 +549,10 @@ static bool sk_is_udp(const struct sock *sk)
> >
> > static bool sock_map_redirect_allowed(const struct sock *sk)
> > {
> > - return sk_is_tcp(sk) && sk->sk_state != TCP_LISTEN;
> > + if (sk_is_tcp(sk))
> > + return sk->sk_state != TCP_LISTEN;
> > + else
> > + return sk->sk_state == TCP_ESTABLISHED;
>
> Not a networking expert, a dump question. Here we tested
> whether sk_is_tcp(sk) or not, if not we compare
> sk->sk_state == TCP_ESTABLISHED, could this be
> always false? Mostly I missed something, some comments
> here will be good.
No, dgram sockets also use TCP_ESTABLISHED as a valid
state. I know its name looks confusing, but it is already widely
used in networking:
net/appletalk/ddp.c: sk->sk_state = TCP_ESTABLISHED;
net/appletalk/ddp.c: if (sk->sk_state != TCP_ESTABLISHED)
net/appletalk/ddp.c: if (sk->sk_state != TCP_ESTABLISHED)
net/ax25/af_ax25.c: sk->sk_state = TCP_ESTABLISHED;
net/ax25/af_ax25.c: case TCP_ESTABLISHED: /* connection
established */
net/ax25/af_ax25.c: if (sk->sk_state == TCP_ESTABLISHED &&
sk->sk_type == SOCK_SEQPACKET) {
net/ax25/af_ax25.c: sk->sk_state = TCP_ESTABLISHED;
net/ax25/af_ax25.c: if (sk->sk_state != TCP_ESTABLISHED && (flags
& O_NONBLOCK)) {
net/ax25/af_ax25.c: if (sk->sk_state != TCP_ESTABLISHED) {
net/ax25/af_ax25.c: if (sk->sk_state != TCP_ESTABLISHED) {
net/ax25/af_ax25.c: if (sk->sk_state != TCP_ESTABLISHED) {
net/ax25/af_ax25.c: if (sk->sk_state != TCP_ESTABLISHED) {
net/ax25/af_ax25.c: if (sk->sk_type == SOCK_SEQPACKET &&
sk->sk_state != TCP_ESTABLISHED) {
net/ax25/ax25_ds_in.c: ax25->sk->sk_state = TCP_ESTABLISHED;
net/ax25/ax25_in.c: make->sk_state = TCP_ESTABLISHED;
net/ax25/ax25_std_in.c: ax25->sk->sk_state =
TCP_ESTABLISHED;
net/caif/caif_socket.c: CAIF_CONNECTED = TCP_ESTABLISHED,
net/ceph/messenger.c: case TCP_ESTABLISHED:
net/ceph/messenger.c: dout("%s TCP_ESTABLISHED\n", __func__);
net/core/datagram.c: !(sk->sk_state == TCP_ESTABLISHED ||
sk->sk_state == TCP_LISTEN))
...
Hence, I believe it is okay to use it as it is, otherwise we would need
to comment on every use of it. ;)
Thanks.
Powered by blists - more mailing lists