tech-net archive
Re: BPF_MISC+BPF_COP and BPF_COPX
Rui Paulo <rpaulo%felyko.com@localhost> wrote:
> >
> > Comments?
>
>
> Why do you need this in the first place?
It provides us a capability to offload more complex packet processing.
My primary user would be NPF in NetBSD, e.g. one of the operations is to
look up an IP address in a table/ipset.
> Are you sure this is a safe design? Adding this functionality to BPF
> makes me a little nervous as an error in the implementation leads to
> kernel code execution (I could be able to call random kernel functions).
This functionality is for a custom use of BPF. There would be no
coprocessor by default and the instruction would essentially be a NOP.
Perhaps I was not clear on bpf_set_cop(9) - it is a kernel routine, so
the user would be a kernel subsystem which has full control over the
functions it provides. The functions are predetermined, not random.
--
Mindaugas
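
A userland C model of the dispatch described in the reply above, added here as an illustration; it is not code from this thread or from NetBSD. All names (`cop_ctx`, `cop_call`, `cop_ipset_lookup`) and the sample data are hypothetical, and refusing an index outside the table is an assumption the message does not spell out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical userland model; these names are not NetBSD's API. */
typedef uint32_t (*cop_fn)(const uint8_t *pkt, size_t len, uint32_t a);
struct cop_ctx {
    const cop_fn *funcs; /* fixed table supplied by the owning subsystem */
    size_t nfuncs;       /* 0 means no coprocessor was set */
};
/* Constructed table: 192.0.2.1 and 198.51.100.7. */
static const uint32_t ipset[] = { 0xC0000201u, 0xC6336407u };
/* Function 0: A is the byte offset of an IPv4 address (constructed
 * convention); returns 1 if that address is in the table, else 0. */
static uint32_t cop_ipset_lookup(const uint8_t *pkt, size_t len, uint32_t a)
{
    if (len < 4 || a > len - 4)
        return 0; /* offset outside the packet */
    uint32_t ip = (uint32_t)pkt[a] << 24 | (uint32_t)pkt[a + 1] << 16 |
                  (uint32_t)pkt[a + 2] << 8 | pkt[a + 3];
    for (size_t i = 0; i < sizeof(ipset) / sizeof(ipset[0]); i++)
        if (ipset[i] == ip)
            return 1;
    return 0;
}

static const cop_fn subsystem_funcs[] = { cop_ipset_lookup };
static const struct cop_ctx with_cop = { subsystem_funcs, 1 };
static const struct cop_ctx no_cop = { NULL, 0 };
/* Constructed packet fragment: 192.0.2.1 then 10.0.0.5. */
static const uint8_t pkt[8] = { 192, 0, 2, 1, 10, 0, 0, 5 };

/* One coprocessor call: returns the new A, or -1 if idx is rejected. */
static int64_t cop_call(const struct cop_ctx *ctx, uint32_t idx,
                        const uint8_t *p, size_t len, uint32_t a)
{
    if (ctx->nfuncs == 0)
        return a;  /* no coprocessor: behaves as a NOP */
    if (idx >= ctx->nfuncs)
        return -1; /* assumption: out-of-table index is refused */
    return ctx->funcs[idx](p, len, a);
}

int main(void)
{
    printf("%lld %lld\n", (long long)cop_call(&with_cop, 0, pkt, 8, 0),
           (long long)cop_call(&with_cop, 1, pkt, 8, 0));
    return 0;
}
```

The filter program only ever supplies an index; the function pointers live in a table the owning subsystem fixed in advance, which is the property the reply relies on.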