[{"id":1769693,"web_url":"http://patchwork.ozlabs.org/comment/1769693/","msgid":"<20170917141751.78f0cdbd@pixies>","list_archive_url":null,"date":"2017-09-17T11:17:51","subject":"Re: [PATCH 0/2] xt_bpf: fix handling of pinned objects","submitter":{"id":72382,"url":"http://patchwork.ozlabs.org/api/people/72382/","name":"Shmulik Ladkani","email":"shmulik@nsof.io"},"content":"please drop, wrong 'From:' field, will resend v2\n\nOn Sun, 17 Sep 2017 14:07:49 +0300\nRafael Buchbinder <shmulik@nsof.io> wrote:\n\n> Following set of commits fixes xt_bpf extension to correctly handle\n> pinned eBPF programs.\n> \n> The origin of the bug lies in the fact that xt_bpf_info_v1 structure\n> requires an open file descriptor to create an eBPF match. \n> This file descriptor is checked on every replace. However, as this file\n> descriptor is valid only for the iptables invocation which loads the\n> eBPF for the first time, all subsequent iptables invocations fail in\n> bpf_mt_check (kernel) function.\n> \n> See discussion in [1] for more details.\n> \n> The following patches add a hook in extensions which is called\n> immediately after TC_INIT to fixup whatever needs to be fixed up.\n> In case of xt_bpf, the fixup function gets the eBPF object by path to\n> populate xt_bpf_info_v1 structure with a valid file descriptor.\n> \n> [1] https://marc.info/?l=netfilter-devel&m=150530909630143&w=2\n> \n> Rafael Buchbinder (2):\n>   iptables: support match info fixup after tc_init\n>   extensions: xt_bpf: get the pinned ebpf object when match is\n>     initialized\n> \n>  extensions/libxt_bpf.c |  9 +++++++++\n>  include/xtables.h      |  3 +++\n>  iptables/ip6tables.c   | 35 +++++++++++++++++++++++++++++++++++\n>  iptables/iptables.c    | 34 ++++++++++++++++++++++++++++++++++\n>  4 files changed, 81 insertions(+)\n> \n\n--\nTo unsubscribe from this list: send the line \"unsubscribe netfilter-devel\" in\nthe body of a message to majordomo@vger.kernel.org\nMore majordomo info at  http://vger.kernel.org/majordomo-info.html","headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=nsof.io header.i=@nsof.io header.b=\"dkT+23HE\";\n\tdkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xw67T3LvYz9sBZ\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSun, 17 Sep 2017 21:17:57 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1750803AbdIQLR4 (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 17 Sep 2017 07:17:56 -0400","from mail-wr0-f180.google.com ([209.85.128.180]:56673 \"EHLO\n\tmail-wr0-f180.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750793AbdIQLRz (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tSun, 17 Sep 2017 07:17:55 -0400","by mail-wr0-f180.google.com with SMTP id r74so4331673wrb.13\n\tfor <netfilter-devel@vger.kernel.org>;\n\tSun, 17 Sep 2017 04:17:55 -0700 (PDT)","from pixies (bzq-82-81-225-244.cablep.bezeqint.net.\n\t[82.81.225.244]) by smtp.gmail.com with ESMTPSA id\n\t92sm4231615wrq.83.2017.09.17.04.17.53\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tSun, 17 Sep 2017 04:17:53 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=nsof.io; s=google;\n\th=date:from:to:cc:subject:message-id:in-reply-to:references\n\t:mime-version:content-transfer-encoding;\n\tbh=uP8E6tohRcOYDV9Sw1uiy8aeYyUy5+mlIRYWtQrTl2s=;\n\tb=dkT+23HEC/YLRq9DricJkh7lptpdSBAzXJMm+Edj0H5vHIN2H+4sTP+Ltt386fG/C4\n\tCX69d78x4NdwmC7b+xrGV4c4dKwG0CO9pAxWz/x8UCoC7LB9T1OkRGmuyoXjbJUZKnvP\n\tPWPha3g4S2Id7Z6W63YhPFdccw2Jg3XuCSDAY=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to\n\t:references:mime-version:content-transfer-encoding;\n\tbh=uP8E6tohRcOYDV9Sw1uiy8aeYyUy5+mlIRYWtQrTl2s=;\n\tb=NnExU39fFI/PSW5mqD7TbUR/E+MK2BlIN/M/kiHTjGM+7CyHsEmu3mrYWcgR3/FyKv\n\toow47k7VdejnItSPh3LjvEcF1mv0qlMEDE6ZmH8/kLzpmliS7QM1gLovKYyBBwp607BB\n\trLaMVRgN1kdiVyuQpkHrHfHHIrrUDlmS5Cle4GUd7msrUMvoi7X8MaHBo0CwLNxJtcQ0\n\tJwumMfOd2WGEojQawJo7AvtznkwDokIrtNQC6xs/oeb8tbT1F7LH2HZerjuHU4Lq0Aad\n\tKeVcuNyzNjfRiI2YeKHXQ88RyhmIxY1yS8A5sjUO9xbNCW1Lur3GIqlclo2AyWY5a1h0\n\tygdA==","X-Gm-Message-State":"AHPjjUi+u5yc/15fJ6666uH6+lZl1ft7422AB1pvrKs4v4W6P7Dz/q6D\n\t0EW07KkzzlHMZHA6eu6/gQ==","X-Google-Smtp-Source":"ADKCNb5kJqjWn4VJ8hJU6MM0xe+qR5jaZ1i9yHdw6zInm78UlQ3J64kHi652/Ke0hywr7zLVyK2HFQ==","X-Received":"by 10.223.132.101 with SMTP id 92mr25436428wrf.85.1505647074262; \n\tSun, 17 Sep 2017 04:17:54 -0700 (PDT)","Date":"Sun, 17 Sep 2017 14:17:51 +0300","From":"Shmulik Ladkani <shmulik@nsof.io>","To":"netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>","Cc":"Willem de Bruijn <willemb@google.com>, rbk@nsof.io,\n\tRafael Buchbinder <rafi@rbk.ms>","Subject":"Re: [PATCH 0/2] xt_bpf: fix handling of pinned objects","Message-ID":"<20170917141751.78f0cdbd@pixies>","In-Reply-To":"<20170917110751.7923-1-rafi@rbk.ms>","References":"<20170917110751.7923-1-rafi@rbk.ms>","MIME-Version":"1.0","Content-Type":"text/plain; charset=US-ASCII","Content-Transfer-Encoding":"7bit","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"}}]