lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220209211202.7cddd337@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Wed, 9 Feb 2022 21:12:02 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Menglong Dong <menglong8.dong@...il.com>
Cc:     David Ahern <dsahern@...il.com>, David Ahern <dsahern@...nel.org>,
        Steven Rostedt <rostedt@...dmis.org>, mingo@...hat.com,
        David Miller <davem@...emloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        pablo@...filter.org, kadlec@...filter.org,
        Florian Westphal <fw@...len.de>,
        Menglong Dong <imagedong@...cent.com>,
        Eric Dumazet <edumazet@...gle.com>, alobakin@...me,
        paulb@...dia.com, Kees Cook <keescook@...omium.org>,
        talalahmad@...gle.com, haokexin@...il.com, memxor@...il.com,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>, netfilter-devel@...r.kernel.org,
        coreteam@...filter.org, Cong Wang <cong.wang@...edance.com>
Subject: Re: [PATCH v3 net-next 1/7] net: skb_drop_reason: add document for
 drop reasons

On Thu, 10 Feb 2022 11:19:49 +0800 Menglong Dong wrote:
> I'm doing the job of using kfree_skb_reason() for the TCP layer,
> and I have some puzzles.
> 
> When collecting drop reason for tcp_v4_inbound_md5_hash() in
> tcp_v4_rcv(), I come up with 2 ways:
> 
> First way: pass the address of reason to tcp_v4_inbound_md5_hash()
> like this:
> 
>  static bool tcp_v4_inbound_md5_hash(const struct sock *sk,
>                       const struct sk_buff *skb,
> -                    int dif, int sdif)
> +                    int dif, int sdif,
> +                    enum skb_drop_reason *reason)
> 
> This can work, but many functions like tcp_v4_inbound_md5_hash()
> need to do such a change.
> 
> Second way: introduce a 'drop_reason' field to 'struct sk_buff'. Therefore,
> drop reason can be set by 'skb->drop_reason = SKB_DROP_REASON_XXX'
> anywhere.
> 
> For TCP, there are many cases where you can't get a drop reason in
> the place where skb is freed, so I think there needs to be a way to
> deeply collect drop reasons. The second can resolve this problem
> easily, but extra fields may have performance problems.
> 
> Do you have some better ideas?

On a quick look tcp_v4_inbound_md5_hash() returns a drop / no drop
decision, so you could just change the return type to enum
skb_drop_reason. SKB_DROP_REASON_NOT_SPECIFIED is 0 is false, 
so if (reason) goto drop; logic will hold up.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ