Message-ID: <20220121073026.4173996-1-kafai@fb.com>
Date:   Thu, 20 Jan 2022 23:30:26 -0800
From:   Martin KaFai Lau <kafai@...com>
To:     <bpf@...r.kernel.org>, <netdev@...r.kernel.org>
CC:     Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        David Miller <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>, <kernel-team@...com>,
        Willem de Bruijn <willemb@...gle.com>
Subject: [RFC PATCH v3 net-next 0/4] Preserve mono delivery time (EDT) in skb->tstamp

skb->tstamp was first used as the (rcv) timestamp in real time clock base.
The major usage is to report it to the user (e.g. SO_TIMESTAMP).

Later, skb->tstamp is also set as the (future) delivery_time (e.g. EDT in TCP)
during egress and used by the qdisc (e.g. sch_fq) to make a decision on when
the skb can be passed to the dev.

Currently, there is no way to tell whether skb->tstamp has the (rcv) timestamp
or the delivery_time, so it is always reset to 0 whenever forwarded
between egress and ingress.

While it makes sense to always clear the (rcv) timestamp in skb->tstamp
to avoid confusing sch_fq that expects the delivery_time, it is a
performance issue [0] to clear the delivery_time if the skb finally
egresses to a fq@...-dev.

v3:
- Feedback from v2 is that using shinfo(skb)->tx_flags could be racy.
- Considered reusing a few bits in skb->tstamp to represent
  different semantics. Other than more code churn, it will break
  the bpf usecase which currently can write and then read back
  the skb->tstamp.
- Went back to the v1 idea of adding a bit to skb and addressed the
  feedback on v1:
- Added one bit skb->mono_delivery_time to flag that
  the skb->tstamp has the mono delivery_time (EDT), instead
  of adding a bit to flag if the skb->tstamp has been forwarded or not.
- Instead of resetting the delivery_time back to the (rcv) timestamp
  during recvmsg syscall which may be too late and not useful,
  the delivery_time reset in v3 happens earlier once the stack
  knows that the skb will be delivered locally.
- Handled the tapping@...ress case by af_packet
- No need to change the (rcv) timestamp to mono clock base as in v1.
  The added one bit to flag skb->mono_delivery_time is enough
  to keep the EDT delivery_time during forward.
- Added logic to the bpf side so that existing bpf
  running at ingress can still get the (rcv) timestamp
  when reading the __sk_buff->tstamp.  New __sk_buff->mono_delivery_time
  is also added.  A test is still needed to test this piece.

Martin KaFai Lau (4):
  net: Add skb->mono_delivery_time to distinguish mono delivery_time
    from (rcv) timestamp
  net: Add skb_clear_tstamp() to keep the mono delivery_time
  net: Set skb->mono_delivery_time and clear it when delivering locally
  bpf: Add __sk_buff->mono_delivery_time and handle __sk_buff->tstamp
    based on tc_at_ingress

 drivers/net/loopback.c                     |   2 +-
 include/linux/filter.h                     |  31 ++++-
 include/linux/skbuff.h                     |  64 ++++++++--
 include/uapi/linux/bpf.h                   |   1 +
 net/bridge/br_forward.c                    |   2 +-
 net/bridge/netfilter/nf_conntrack_bridge.c |   5 +-
 net/core/dev.c                             |   4 +-
 net/core/filter.c                          | 140 +++++++++++++++++++--
 net/core/skbuff.c                          |   8 +-
 net/ipv4/ip_forward.c                      |   2 +-
 net/ipv4/ip_input.c                        |   1 +
 net/ipv4/ip_output.c                       |   5 +-
 net/ipv4/tcp_output.c                      |  16 +--
 net/ipv6/ip6_input.c                       |   1 +
 net/ipv6/ip6_output.c                      |   7 +-
 net/ipv6/netfilter.c                       |   5 +-
 net/netfilter/ipvs/ip_vs_xmit.c            |   6 +-
 net/netfilter/nf_dup_netdev.c              |   2 +-
 net/netfilter/nf_flow_table_ip.c           |   4 +-
 net/netfilter/nft_fwd_netdev.c             |   2 +-
 net/openvswitch/vport.c                    |   2 +-
 net/packet/af_packet.c                     |   4 +-
 net/sched/act_bpf.c                        |   5 +-
 net/sched/cls_bpf.c                        |   6 +-
 net/xfrm/xfrm_interface.c                  |   2 +-
 tools/include/uapi/linux/bpf.h             |   1 +
 26 files changed, 265 insertions(+), 63 deletions(-)

-- 
2.30.2
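
The forwarding behaviour described in the cover letter, as an added userspace model that is not code from this patch series: the model_* names, the struct layout and the real-clock value passed to model_deliver_local() are assumptions made for illustration; only the field name mono_delivery_time and the helper name skb_clear_tstamp() come from the message above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model: names follow the cover letter, not the kernel layout. */
struct model_skb {
    int64_t tstamp;                      /* rcv timestamp or delivery_time (ns) */
    unsigned int mono_delivery_time : 1; /* 1: tstamp holds the mono EDT */
};

/* Forward path in the spirit of skb_clear_tstamp(): keep a flagged EDT,
 * drop a real-clock (rcv) timestamp that would confuse sch_fq. */
static void model_clear_tstamp(struct model_skb *skb)
{
    if (!skb->mono_delivery_time)
        skb->tstamp = 0;
}

/* Local delivery: the EDT must not be reported as a receive time.
 * Assumption: it is replaced by a caller-supplied real-clock value. */
static void model_deliver_local(struct model_skb *skb, int64_t rcv_real_ns)
{
    if (skb->mono_delivery_time) {
        skb->mono_delivery_time = 0;
        skb->tstamp = rcv_real_ns;
    }
}

/* What the egress qdisc sees in skb->tstamp after one forward hop. */
static int64_t model_fq_sees(bool patched, bool is_edt, int64_t t_ns)
{
    struct model_skb skb = { .tstamp = t_ns, .mono_delivery_time = is_edt };
    if (patched)
        model_clear_tstamp(&skb);
    else
        skb.tstamp = 0;               /* current behaviour: always reset */
    return skb.tstamp;
}

int main(void)
{
    struct model_skb skb = { .tstamp = 5000, .mono_delivery_time = 1 };
    model_deliver_local(&skb, 1700000000);   /* constructed sample values */
    printf("fq old=%lld new=%lld local=%lld\n",
           (long long)model_fq_sees(false, true, 5000),
           (long long)model_fq_sees(true, true, 5000), (long long)skb.tstamp);
    return 0;
}
```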
