lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 24 Dec 2022 01:04:02 +0100
From:   Quentin Deslandes <qde@...cy.de>
To:     <qde@...cy.de>
CC:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>,
        Dmitrii Banshchikov <me@...que.spb.ru>,
        <linux-kernel@...r.kernel.org>, <bpf@...r.kernel.org>,
        <linux-kselftest@...r.kernel.org>, <netdev@...r.kernel.org>,
        Kernel Team <kernel-team@...a.com>
Subject: [PATCH bpf-next v3 16/16] bpfilter: handle setsockopt() calls

Use earlier introduced infrastructure and handle setsockopt(2) calls.

Co-developed-by: Dmitrii Banshchikov <me@...que.spb.ru>
Signed-off-by: Dmitrii Banshchikov <me@...que.spb.ru>
Signed-off-by: Quentin Deslandes <qde@...cy.de>
---
 net/bpfilter/main.c | 132 ++++++++++++++++++++++++++++++--------------
 1 file changed, 90 insertions(+), 42 deletions(-)

diff --git a/net/bpfilter/main.c b/net/bpfilter/main.c
index 291a92546246..c157277c48b5 100644
--- a/net/bpfilter/main.c
+++ b/net/bpfilter/main.c
@@ -1,64 +1,112 @@
 // SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2021 Telegram FZ-LLC
+ * Copyright (c) 2022 Meta Platforms, Inc. and affiliates.
+ */
+
 #define _GNU_SOURCE
-#include <sys/uio.h>
+
 #include <errno.h>
 #include <stdio.h>
-#include <sys/socket.h>
-#include <fcntl.h>
+#include <stdlib.h>
+#include <sys/types.h>
 #include <unistd.h>
-#include "../../include/uapi/linux/bpf.h"
-#include <asm/unistd.h>
+
+#include "context.h"
+#include "filter-table.h"
+#include "logger.h"
 #include "msgfmt.h"
+#include "sockopt.h"
 
-FILE *debug_f;
+#define do_exact(fd, op, buffer, count)							  \
+	({										  \
+		typeof(count) __count = count;						  \
+		size_t total = 0;							  \
+		int r = 0;								  \
+											  \
+		do {									  \
+			const ssize_t part = op(fd, (buffer) + total, (__count) - total); \
+			if (part > 0) {							  \
+				total += part;						  \
+			} else if (part == 0 && (__count) > 0) {			  \
+				r = -EIO;						  \
+				break;							  \
+			} else if (part == -1) {					  \
+				if (errno == EINTR)					  \
+					continue;					  \
+				r = -errno;						  \
+				break;							  \
+			}								  \
+		} while (total < (__count));						  \
+											  \
+		r;									  \
+	})
 
-static int handle_get_cmd(struct mbox_request *cmd)
+static int read_exact(int fd, void *buffer, size_t count)
 {
-	switch (cmd->cmd) {
-	case 0:
-		return 0;
-	default:
-		break;
-	}
-	return -ENOPROTOOPT;
+	return do_exact(fd, read, buffer, count);
+}
+
+static int write_exact(int fd, const void *buffer, size_t count)
+{
+	return do_exact(fd, write, buffer, count);
 }
 
-static int handle_set_cmd(struct mbox_request *cmd)
+static int setup_context(struct context *ctx)
 {
-	return -ENOPROTOOPT;
+	int r;
+
+	r = logger_init();
+	if (r < 0)
+		return r;
+
+	BFLOG_DBG("log file opened and ready to use");
+
+	r = create_filter_table(ctx);
+	if (r < 0)
+		BFLOG_ERR("failed to created filter table: %s", STRERR(r));
+
+	return r;
 }
 
-static void loop(void)
+static void loop(struct context *ctx)
 {
-	while (1) {
-		struct mbox_request req;
-		struct mbox_reply reply;
-		int n;
-
-		n = read(0, &req, sizeof(req));
-		if (n != sizeof(req)) {
-			fprintf(debug_f, "invalid request %d\n", n);
-			return;
-		}
-
-		reply.status = req.is_set ?
-			handle_set_cmd(&req) :
-			handle_get_cmd(&req);
-
-		n = write(1, &reply, sizeof(reply));
-		if (n != sizeof(reply)) {
-			fprintf(debug_f, "reply failed %d\n", n);
-			return;
-		}
+	struct mbox_request req;
+	struct mbox_reply reply;
+	int r;
+
+	for (;;) {
+		r = read_exact(STDIN_FILENO, &req, sizeof(req));
+		if (r)
+			BFLOG_EMERG("cannot read request: %s", STRERR(r));
+
+		reply.status = handle_sockopt_request(ctx, &req);
+
+		r = write_exact(STDOUT_FILENO, &reply, sizeof(reply));
+		if (r)
+			BFLOG_EMERG("cannot write reply: %s", STRERR(r));
 	}
 }
 
 int main(void)
 {
-	debug_f = fopen("/dev/kmsg", "w");
-	setvbuf(debug_f, 0, _IOLBF, 0);
-	fprintf(debug_f, "<5>Started bpfilter\n");
-	loop();
-	fclose(debug_f);
+	struct context ctx;
+	int r;
+
+	r = create_context(&ctx);
+	if (r)
+		return r;
+
+	r = setup_context(&ctx);
+	if (r) {
+		free_context(&ctx);
+		return r;
+	}
+
+	loop(&ctx);
+
+	// Disregard return value, the application is closed anyway.
+	(void)logger_clean();
+
 	return 0;
 }
-- 
2.38.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ