lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d0f91700-0a0c-b464-4a25-2f0cc24987e6@wifirst.fr>
Date:   Thu, 9 Jun 2022 09:58:45 +0200
From:   Florent Fourcot <florent.fourcot@...irst.fr>
To:     David Ahern <dsahern@...nel.org>,
        Florent Fourcot <florent.fourcot@...irst.fr>,
        netdev@...r.kernel.org
Cc:     Eric Dumazet <edumazet@...gle.com>,
        Daniel Borkmann <daniel@...earbox.net>
Subject: Re: [PATCH v2 net-next] net: neigh: add netlink filtering based on
 LLADDR for dump

Hello David,

> 
> Kernel side filtering has always been kept to simple, coarse grained
> checks - like a device index or upper device index. It's a fine line
> managing kernel cycles holding the rtnl vs cycles shipping the data to
> userspace. e.g., a memcmp has a higher cost than a dev->index
> comparison. I see the point about GET only - potential for many matches
> and a lookup of the ll address is basically a filtered dump. Mixed
> thoughts on whether this should be merged.

Thanks for your feedback. As you know, this option will not slow down 
standard dump.

I understand your concern, but the choice is between:
  * putting all entries on socket to send data to userspace. It means 
several memcpy (at least one for L3 address, one for L2 address) for 
each entries
  * Use proposed filter, with a single memcmp. memcpy is not called for 
filtered out entries.

My solution looks faster, but I can send a v3 with some numbers if you 
think that it's important to get this patch merged.


Best regards,

-- 
Florent Fourcot

-- 
*Ce message et toutes les pièces jointes (ci-après le "message") sont 
établis à l’intention exclusive des destinataires désignés. Il contient des 
informations confidentielles et pouvant être protégé par le secret 
professionnel. Si vous recevez ce message par erreur, merci d'en avertir 
immédiatement l'expéditeur et de détruire le message. Toute utilisation de 
ce message non conforme à sa destination, toute diffusion ou toute 
publication, totale ou partielle, est interdite, sauf autorisation expresse 
de l'émetteur*

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ