Message-Id: <20221121133132.1837107-1-nikolay.borisov@virtuozzo.com>
Date:   Mon, 21 Nov 2022 15:31:29 +0200
From:   Nikolay Borisov <nikolay.borisov@...tuozzo.com>
To:     nhorman@...driver.com
Cc:     davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
        netdev@...r.kernel.org, den@...tuozzo.com, khorenko@...tuozzo.com,
        Nikolay Borisov <nikolay.borisov@...tuozzo.com>
Subject: [PATCH net-next 0/3] Add support for netnamespace filtering in drop monitor

This series adds support for conveying as well as filtering based on the
id of the net namespace where a particular event originated. This is especially
useful when dealing with systems hosting 10s or 100s of containers.

Currently software as well as devlink-originated drops are supported. There is
somewhat a "breaking" change since I had to modify the net_dm_drop_point struct
and this in turn broke Wireshark's dissector of the net_dm protocol; as a result,
the existing 'Capturing active hardware drops' test fails. I tried understanding
what has to be changed in https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-netlink-net_dm.c
in order to fix the dissector but couldn't figure it out; any help would be
appreciated.

I've also provided tests for the new functionality so it should be obvious how
it's supposed to be used.

Nikolay Borisov (3):
  drop_monitor: Implement namespace filtering/reporting for software
    drops
  drop_monitor: Add namespace filtering/reporting for hardware drops
  selftests: net: Add drop monitor tests for namespace filtering
    functionality

 include/uapi/linux/net_dropmon.h              |   3 +
 net/core/drop_monitor.c                       |  64 ++++++++-
 .../selftests/net/drop_monitor_tests.sh       | 127 +++++++++++++++---
 3 files changed, 171 insertions(+), 23 deletions(-)

--
2.34.1
