From: Cong Wang <amwang@redhat.com>
To: Octavian Purdila <opurdila@ixiacom.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	davem@davemloft.net, linux-kernel@vger.kernel.org,
	eric.dumazet@gmail.com, linux-rdma@vger.kernel.org,
	netdev@vger.kernel.org, nhorman@tuxdriver.com,
	linux-sctp@vger.kernel.org
Subject: Re: [RFC Patch] net: reserve ports for applications using fixed port numbers
Date: Fri, 05 Feb 2010 14:01:43 +0800
Message-ID: <4B6BB447.8080806@redhat.com>
In-Reply-To: <201002050305.22227.opurdila@ixiacom.com>

Octavian Purdila wrote:
> On Friday 05 February 2010 02:41:12 you wrote:
>> David Miller wrote:
>>>> Octavian Purdila wrote:
>>>>> int inet_is_reserved_local_port(int port)
>>>>> {
>>>>> 	if (test_bit(port, reserved_ports))
>>>>> 		return 1;
>>>>> 	return 0;
>>>>> }
>>>> Above check is exactly what I'm doing in the LSM hook.
>>> But his version can be done inline in 2 or 3 instructions.
>>>
>>> An LSM hook will result in an indirect function call,
>>> all live registers spilled to the stack, then all of
>>> those reloaded when the function returns.
>>>
>>> It will be much more expensive.
>> If you can accept his version, I want to use his version (with an interface
>>  for updating above "reserved_ports" by not only root user's sysctl() but
>>  also MAC's policy configuration).
>>
> 
> I think that simply using an interface to update the reserved_ports from MAC 
> policy configuration module wouldn't work, as root will be able to modify the 
> policy via sysctl.
> 
> I think that we might need to:
> 
> a) have a reserved_port updater
> 
> b) put a LSM hook into that
> 
> c) use the reserved_port updater from sysctl
> 
> 

Ideally, you'd provide an interface for the port allocator to use, so
doing port reservation will be easier.

Thanks.
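
The design discussed in this thread, modeled in userspace C as an added example (not code from the thread or from the kernel): lookups stay a plain bit test, while every change to the bitmap goes through one updater that consults a policy callback standing in for the LSM hook. Only `reserved_ports` and `inet_is_reserved_local_port` are names from the thread; `reserved_port_update`, `reserve_policy`, `pick_local_port`, `from_mac` and the sample policy are hypothetical.

```c
/* Userspace model, constructed for illustration. Only reserved_ports and
 * inet_is_reserved_local_port come from the thread; the rest is hypothetical. */
#include <limits.h>

#define NPORTS 65536
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
static unsigned long reserved_ports[NPORTS / WORD_BITS];

/* Hypothetical stand-in for the LSM hook: returns 0 to allow an update. */
typedef int (*reserve_policy_fn)(int port, int reserve, int from_mac);
static reserve_policy_fn reserve_policy; /* NULL: no MAC module loaded */

/* Fast path: a plain bit test, cheap enough to inline in the allocator. */
static inline int inet_is_reserved_local_port(int port)
{
	if (port < 0 || port >= NPORTS)
		return 0;
	return (reserved_ports[port / WORD_BITS] >> (port % WORD_BITS)) & 1UL;
}

/* Slow path: the one updater. sysctl and MAC policy both call it, so the
 * policy check runs per update, never per port lookup. */
int reserved_port_update(int port, int reserve, int from_mac)
{
	if (port < 0 || port >= NPORTS)
		return -1;
	if (reserve_policy && reserve_policy(port, reserve, from_mac) != 0)
		return -2; /* denied by policy */
	if (reserve)
		reserved_ports[port / WORD_BITS] |= 1UL << (port % WORD_BITS);
	else
		reserved_ports[port / WORD_BITS] &= ~(1UL << (port % WORD_BITS));
	return 0;
}

/* Allocator-facing helper: first non-reserved port in [low, high], or -1. */
int pick_local_port(int low, int high)
{
	for (int port = low < 0 ? 0 : low; port <= high && port < NPORTS; port++)
		if (!inet_is_reserved_local_port(port))
			return port;
	return -1;
}

/* Sample policy: a sysctl caller may add reservations but not clear them. */
int deny_unreserve_from_sysctl(int port, int reserve, int from_mac)
{
	return (!reserve && !from_mac) ? -1 : 0;
}
```
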


