Date:   Fri, 12 Mar 2021 17:57:20 +0800
From:   Tony Lu <tonylu@...ux.alibaba.com>
To:     Lorenz Bauer <lmb@...udflare.com>
Cc:     eric.dumazet@...il.com, daniel@...earbox.net, ast@...nel.org,
        andrii@...nel.org, bpf@...r.kernel.org, netdev@...r.kernel.org,
        kernel-team@...udflare.com
Subject: Re: [PATCH bpf-next v3 0/4] Expose network namespace cookies to user
 space

On Fri, Feb 19, 2021 at 03:43:26PM +0000, Lorenz Bauer wrote:
> We're working on a user space control plane for the BPF sk_lookup
> hook [1]. The hook attaches to a network namespace and allows
> control over which socket receives a new connection / packet.

We are developing a net stack latency tracing tool, which needs
net_cookie to distinguish different net namespaces. Besides that, our
container management system needs to read net_cookie from userspace.

In [0], you said you would give up this patch set. Could you reconsider
continuing with these patches? Because we also need them. 

net_cookie could be a unified net namespace ID to replace netns inode,
but there is a lot of work to do.

[0]: https://lkml.org/lkml/2021/3/10/254


Cheers,
Tony Lu

> 
> I'm proposing to add a new getsockopt and a netns ioctl to retrieve
> netns cookies, which allows identifying which netns a socket belongs
> to.
> 
> 1: https://www.kernel.org/doc/html/latest/bpf/prog_sk_lookup.html
> 
> Changes in v3:
> - Use sock_net unconditionally
> - Fix unused variable in nsfs ioctl
> - Be strict about getsockopt value size
> 
> Changes in v2:
> - Rebase on top of Eric Dumazet's netns cookie simplification
> 
> Lorenz Bauer (4):
>   net: add SO_NETNS_COOKIE socket option
>   nsfs: add an ioctl to discover the network namespace cookie
>   tools/testing: add test for NS_GET_COOKIE
>   tools/testing: add a selftest for SO_NETNS_COOKIE
> 
>  arch/alpha/include/uapi/asm/socket.h          |  2 +
>  arch/mips/include/uapi/asm/socket.h           |  2 +
>  arch/parisc/include/uapi/asm/socket.h         |  2 +
>  arch/sparc/include/uapi/asm/socket.h          |  2 +
>  fs/nsfs.c                                     |  7 +++
>  include/uapi/asm-generic/socket.h             |  2 +
>  include/uapi/linux/nsfs.h                     |  2 +
>  net/core/sock.c                               |  7 +++
>  tools/testing/selftests/net/.gitignore        |  1 +
>  tools/testing/selftests/net/Makefile          |  2 +-
>  tools/testing/selftests/net/config            |  1 +
>  tools/testing/selftests/net/so_netns_cookie.c | 61 +++++++++++++++++++
>  tools/testing/selftests/nsfs/.gitignore       |  1 +
>  tools/testing/selftests/nsfs/Makefile         |  2 +-
>  tools/testing/selftests/nsfs/config           |  1 +
>  tools/testing/selftests/nsfs/netns.c          | 57 +++++++++++++++++
>  16 files changed, 150 insertions(+), 2 deletions(-)
>  create mode 100644 tools/testing/selftests/net/so_netns_cookie.c
>  create mode 100644 tools/testing/selftests/nsfs/netns.c
> 
> -- 
> 2.27.0
