Open Source and information security mailing list archives
 
Date: Mon, 16 Oct 2023 16:01:15 +0200
From: Davide Caratti <dcaratti@...hat.com>
To: Victor Nogueira <victor@...atatu.com>
Cc: jhs@...atatu.com, daniel@...earbox.net, xiyou.wangcong@...il.com,
	jiri@...nulli.us, davem@...emloft.net, edumazet@...gle.com,
	kuba@...nel.org, pabeni@...hat.com, paulb@...dia.com,
	bpf@...r.kernel.org, mleitner@...hat.com, martin.lau@...ux.dev,
	netdev@...r.kernel.org, kernel@...atatu.com
Subject: Re: [PATCH RFC net-next v2 1/1] net: sched: Disambiguate verdict
 from return code

hello Victor, thanks for the patch!

On Sat, Oct 14, 2023 at 03:09:21PM -0300, Victor Nogueira wrote:
> Currently there is no way to distinguish between an error and a
> classification verdict. Which has caused us a lot of pain with buggy qdiscs
> and syzkaller. This patch does 2 things - one is it disambiguates between
> an error and policy decisions. The reasons are added under the auspices of
> skb drop reason. We add the drop reason as a part of struct tcf_result.
> That way, tcf_classify can set a proper drop reason when it fails,
> and we keep the classification result as the tcf_classify's return value.
> 
> This patch also adds a variety of drop reasons which are more fine grained
> on why a packet was dropped by the TC classification action subsystem.
> 
> Co-developed-by: Daniel Borkmann <daniel@...earbox.net>
> Signed-off-by: Victor Nogueira <victor@...atatu.com>
> ---
> 
> v1 -> v2:
> - Make tcf_classify set drop reason instead of verdict in struct
>   tcf_result
> - Make tcf_classify return verdict (as it was doing before)
> - Only initialise struct tcf_result in tc_run
> - Add new drop reasons specific to TC
> - Merged v1 patch with Daniel's patch (https://lore.kernel.org/bpf/20231013141722.21165ef3@kernel.org/T/)
>   for completeness

Acked-by: Davide Caratti <dcaratti@...hat.com>

By the way, this might be a chance to remove the "TC mirred to Houston"
printout and replace it with a proper drop reason (see [1]). WDYT?

thanks,
-- 
davide

[1] https://lore.kernel.org/netdev/Yt2CIl7iCoahCPoU@pop-os.localdomain/

