Open Source and information security mailing list archives
Message-ID: <20230418183504.cxa3wdfxs2yx4cqo@MacBook-Pro-6.local.dhcp.thefacebook.com>
Date:   Tue, 18 Apr 2023 11:35:04 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Florian Westphal <fw@...len.de>
Cc:     bpf@...r.kernel.org, netdev@...r.kernel.org,
        netfilter-devel@...r.kernel.org, dxu@...uu.xyz, qde@...cy.de
Subject: Re: [PATCH bpf-next v3 1/6] bpf: add bpf_link support for
 BPF_NETFILTER programs

On Tue, Apr 18, 2023 at 03:10:33PM +0200, Florian Westphal wrote:
> @@ -1560,6 +1562,13 @@ union bpf_attr {
>  				 */
>  				__u64		cookie;
>  			} tracing;
> +			struct {
> +				__u32		pf;
> +				__u32		hooknum;
> +				__s32		prio;
> +				__u32		flags;
> +				__u64		reserved[2];
> +			} netfilter;
>  		};
>  	} link_create;
>  
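
Review bot: the new netfilter member of link_create has no field comments, unlike the tracing member just above it, whose cookie field follows a comment block. As this is UAPI, add a short comment saying that pf is the protocol family, hooknum the netfilter hook and prio the hook priority, and that flags and reserved[] must be zero.
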
> @@ -6410,6 +6419,12 @@ struct bpf_link_info {
>  		struct {
>  			__u32 map_id;
>  		} struct_ops;
> +		struct {
> +			__u32 pf;
> +			__u32 hooknum;
> +			__s32 priority;
> +			__u32 flags;
> +		} netfilter;
>  	};
>  } __attribute__((aligned(8)));
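
Review bot: the third field of bpf_link_info.netfilter is spelled "priority" here but "prio" in link_create.netfilter in the previous hunk. Use one spelling in both UAPI structs so that userspace which creates a link and then queries it sees the same field name.
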
...
> +int bpf_nf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)
> +{
> +	struct net *net = current->nsproxy->net_ns;
> +	struct bpf_link_primer link_primer;
> +	struct bpf_nf_link *link;
> +	int err;
> +
> +	if (attr->link_create.flags)
> +		return -EINVAL;
> +
> +	if (attr->link_create.netfilter.reserved[0] | attr->link_create.netfilter.reserved[1])
> +		return -EINVAL;

Why add 'reserved' name that we cannot change later?
I think 'flags' is enough.

> +	link->hook_ops.pf = attr->link_create.netfilter.pf;
> +	link->hook_ops.priority = attr->link_create.netfilter.prio;

Let's use the same name in both cases? Either prio or priority. Both sound fine.

> +	link->hook_ops.hooknum = attr->link_create.netfilter.hooknum;
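
Review bot: in the lines quoted here, bpf_nf_link_attach() rejects non-zero link_create.flags and reserved[], but link_create.netfilter.flags is never tested, and pf, prio and hooknum are copied from attr into hook_ops as supplied. Unless the elided part of the function already does so, reject non-zero netfilter.flags with -EINVAL so the bits can be given a meaning later, and range-check pf and hooknum before the hook is registered.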
