| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Nov 2022 16:28:16 +0200
From: Nikolay Borisov <nikolay.borisov@...tuozzo.com>
To: nhorman@...driver.com
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
netdev@...r.kernel.org, kernel@...tuozzo.com,
Nikolay Borisov <nikolay.borisov@...tuozzo.com>
Subject: [PATCH net-next v2 2/3] drop_monitor: Add namespace filtering/reporting for hardware drops
Add support for filtering and conveying the netnamespace where a
particular drop event occured. This is counterpart to the software
drop events support that was added earlier.
Signed-off-by: Nikolay Borisov <nikolay.borisov@...tuozzo.com>
---
include/uapi/linux/net_dropmon.h | 1 +
net/core/drop_monitor.c | 28 ++++++++++++++++++++++++++--
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/net_dropmon.h b/include/uapi/linux/net_dropmon.h
index 81eb2bd184e8..42d82bc424dc 100644
--- a/include/uapi/linux/net_dropmon.h
+++ b/include/uapi/linux/net_dropmon.h
@@ -96,6 +96,7 @@ enum net_dm_attr {
NET_DM_ATTR_FLOW_ACTION_COOKIE, /* binary */
NET_DM_ATTR_REASON, /* string */
NET_DM_ATTR_NS, /* u32 */
+ NET_DM_ATTR_HW_NS, /* u32 */
__NET_DM_ATTR_MAX,
NET_DM_ATTR_MAX = __NET_DM_ATTR_MAX - 1
diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index 680f54d21f38..8e5daa6fef56 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -64,6 +64,7 @@ struct net_dm_stats {
struct net_dm_hw_entry {
char trap_name[NET_DM_MAX_HW_TRAP_NAME_LEN];
u32 count;
+ u32 ns_id;
};
struct net_dm_hw_entries {
@@ -355,6 +356,9 @@ static int net_dm_hw_entry_put(struct sk_buff *msg,
if (nla_put_u32(msg, NET_DM_ATTR_HW_TRAP_COUNT, hw_entry->count))
goto nla_put_failure;
+ if (nla_put_u32(msg, NET_DM_ATTR_HW_NS, hw_entry->ns_id))
+ goto nla_put_failure;
+
nla_nest_end(msg, attr);
return 0;
@@ -452,6 +456,21 @@ static void net_dm_hw_summary_work(struct work_struct *work)
kfree(hw_entries);
}
+static bool hw_entry_matches(struct net_dm_hw_entry *entry,
+ const char *trap_name, unsigned long ns_id)
+{
+ if (net_dm_ns && entry->ns_id == net_dm_ns &&
+ !strncmp(entry->trap_name, trap_name,
+ NET_DM_MAX_HW_TRAP_NAME_LEN - 1))
+ return true;
+ else if (net_dm_ns == 0 && entry->ns_id == ns_id &&
+ !strncmp(entry->trap_name, trap_name,
+ NET_DM_MAX_HW_TRAP_NAME_LEN - 1))
+ return true;
+ else
+ return false;
+}
+
static void
net_dm_hw_trap_summary_probe(void *ignore, const struct devlink *devlink,
struct sk_buff *skb,
@@ -461,11 +480,15 @@ net_dm_hw_trap_summary_probe(void *ignore, const struct devlink *devlink,
struct net_dm_hw_entry *hw_entry;
struct per_cpu_dm_data *hw_data;
unsigned long flags;
+ unsigned long ns_id;
int i;
if (metadata->trap_type == DEVLINK_TRAP_TYPE_CONTROL)
return;
+ if (net_dm_ns && dev_net(skb->dev)->ns.inum != net_dm_ns)
+ return;
+
hw_data = this_cpu_ptr(&dm_hw_cpu_data);
spin_lock_irqsave(&hw_data->lock, flags);
hw_entries = hw_data->hw_entries;
@@ -473,10 +496,10 @@ net_dm_hw_trap_summary_probe(void *ignore, const struct devlink *devlink,
if (!hw_entries)
goto out;
+ ns_id = dev_net(skb->dev)->ns.inum;
for (i = 0; i < hw_entries->num_entries; i++) {
hw_entry = &hw_entries->entries[i];
- if (!strncmp(hw_entry->trap_name, metadata->trap_name,
- NET_DM_MAX_HW_TRAP_NAME_LEN - 1)) {
+ if (hw_entry_matches(hw_entry, metadata->trap_name, ns_id)) {
hw_entry->count++;
goto out;
}
@@ -489,6 +512,7 @@ net_dm_hw_trap_summary_probe(void *ignore, const struct devlink *devlink,
NET_DM_MAX_HW_TRAP_NAME_LEN - 1);
hw_entry->count = 1;
hw_entries->num_entries++;
+ hw_entry->ns_id = ns_id;
if (!timer_pending(&hw_data->send_timer)) {
hw_data->send_timer.expires = jiffies + dm_delay * HZ;
--
2.34.1
Powered by blists - more mailing lists