lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 9 May 2022 13:24:41 -0700
From:   Martin KaFai Lau <kafai@...com>
To:     Wille Kuutti <wille.kuutti@...tti.com>
Cc:     'Alexei Starovoitov' <ast@...nel.org>,
        'Daniel Borkmann' <daniel@...earbox.net>,
        'Andrii Nakryiko' <andrii@...nel.org>,
        'Song Liu' <songliubraving@...com>,
        'Yonghong Song' <yhs@...com>,
        'John Fastabend' <john.fastabend@...il.com>,
        'KP Singh' <kpsingh@...nel.org>,
        "'David S. Miller'" <davem@...emloft.net>,
        'Eric Dumazet' <edumazet@...gle.com>,
        'Jakub Kicinski' <kuba@...nel.org>,
        'Paolo Abeni' <pabeni@...hat.com>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net/core: Make bpf_skb_adjust_room BPF helper available
 for packets with non IPv4 or IPv6 payload

On Fri, May 06, 2022 at 01:06:20AM +0300, Wille Kuutti wrote:
> Network traffic is not limited to only IPv4 and IPv6 protocols, but several
> other L3 networking protocols are in common use in several
> applications and deployment scenarios which also could utilize BPF. This
> change enables the bpf_skb_adjust_room BPF helper to adjust the
> room after the MAC header using BPF_ADJ_ROOM_MAC option for packets with any
> L3 payload. For BPF_ADJ_ROOM_NET option only IPv4 and IPv6 are
> still supported as each L3 protocol would need it's own logic to determine
> the length of the L3 header to enable adjustment after the L3
> headers.
What are the non IPv4/6 use cases ? selftests are required for at least
some of these use cases.

Please tag the 'Subject' with bpf-next.

> Signed-off-by: Wille Kuutti <wille.kuutti@...tti.com>
> ---
> net/core/filter.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 64470a727ef7..c6790a763c9b 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -3362,7 +3362,7 @@ static u32 bpf_skb_net_base_len(const struct sk_buff
> *skb)
>         case htons(ETH_P_IPV6):
>                 return sizeof(struct ipv6hdr);
>         default:
> -               return ~0U;
> +               return 0U;
Does it affect the len_min test in bpf_skb_adjust_room ?

>         }
> }
> 
> @@ -3582,7 +3582,8 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb,
> s32, len_diff,
>         if (unlikely(len_diff_abs > 0xfffU))
>                 return -EFAULT;
>         if (unlikely(proto != htons(ETH_P_IP) &&
> -                    proto != htons(ETH_P_IPV6)))
> +                       proto != htons(ETH_P_IPV6) &&
> +                       mode != BPF_ADJ_ROOM_MAC))
>                 return -ENOTSUPP;
> 
>         off = skb_mac_header_len(skb);
> --
> 2.32.0
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ