lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <YEs7AKXmuoMvt5Tf@TonyMac-Alibaba>
Date:   Fri, 12 Mar 2021 17:57:20 +0800
From:   Tony Lu <tonylu@...ux.alibaba.com>
To:     Lorenz Bauer <lmb@...udflare.com>
Cc:     eric.dumazet@...il.com, daniel@...earbox.net, ast@...nel.org,
        andrii@...nel.org, bpf@...r.kernel.org, netdev@...r.kernel.org,
        kernel-team@...udflare.com
Subject: Re: [PATCH bpf-next v3 0/4] Expose network namespace cookies to user
 space

On Fri, Feb 19, 2021 at 03:43:26PM +0000, Lorenz Bauer wrote:
> We're working on a user space control plane for the BPF sk_lookup
> hook [1]. The hook attaches to a network namespace and allows
> control over which socket receives a new connection / packet.

We are developing a net stack latency tracing tool, which need
net_cookie to distinguish different net namespace. Besides that, our
container management system need to read net_cookie from userspace. 

In [0], you said you would give up this patch set. Could you reconsider
continuing with these patches? Because we also need them. 

net_cookie could be an unified net namespace ID to replace netns inode,
but there are lots of work to do.

[0]: https://lkml.org/lkml/2021/3/10/254


Cheers,
Tony Lu

> 
> I'm proposing to add a new getsockopt and a netns ioctl to retrieve
> netns cookies, which allows identifying which netns a socket belongs
> to.
> 
> 1: https://www.kernel.org/doc/html/latest/bpf/prog_sk_lookup.html
> 
> Changes in v3:
> - Use sock_net unconditionally
> - Fix unused variable in nsfs ioctl
> - Be strict about getsockopt value size
> 
> Changes in v2:
> - Rebase on top of Eric Dumazet's netns cookie simplification
> 
> Lorenz Bauer (4):
>   net: add SO_NETNS_COOKIE socket option
>   nsfs: add an ioctl to discover the network namespace cookie
>   tools/testing: add test for NS_GET_COOKIE
>   tools/testing: add a selftest for SO_NETNS_COOKIE
> 
>  arch/alpha/include/uapi/asm/socket.h          |  2 +
>  arch/mips/include/uapi/asm/socket.h           |  2 +
>  arch/parisc/include/uapi/asm/socket.h         |  2 +
>  arch/sparc/include/uapi/asm/socket.h          |  2 +
>  fs/nsfs.c                                     |  7 +++
>  include/uapi/asm-generic/socket.h             |  2 +
>  include/uapi/linux/nsfs.h                     |  2 +
>  net/core/sock.c                               |  7 +++
>  tools/testing/selftests/net/.gitignore        |  1 +
>  tools/testing/selftests/net/Makefile          |  2 +-
>  tools/testing/selftests/net/config            |  1 +
>  tools/testing/selftests/net/so_netns_cookie.c | 61 +++++++++++++++++++
>  tools/testing/selftests/nsfs/.gitignore       |  1 +
>  tools/testing/selftests/nsfs/Makefile         |  2 +-
>  tools/testing/selftests/nsfs/config           |  1 +
>  tools/testing/selftests/nsfs/netns.c          | 57 +++++++++++++++++
>  16 files changed, 150 insertions(+), 2 deletions(-)
>  create mode 100644 tools/testing/selftests/net/so_netns_cookie.c
>  create mode 100644 tools/testing/selftests/nsfs/netns.c
> 
> -- 
> 2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ