From: chetan loke <loke.chetan@gmail.com>
To: Nuno Martins <nuno.martins@caixamagica.pt>
Cc: netdev <netdev@vger.kernel.org>,
Alfredo Matos <alfredo.matos@caixamagica.pt>,
Paulo Trezentos <paulo.trezentos@caixamagica.pt>
Subject: Re: [RFC PATCH 2/2] PID-based packet filtering support
Date: Wed, 4 Apr 2012 13:01:50 -0400 [thread overview]
Message-ID: <CAAsGZS4Ndue7pVOohEHyWimffZECbjVLF40wiGkGXTswJimPCA@mail.gmail.com> (raw)
In-Reply-To: <19b9f7a0f38c1bab367da6f6cf622c8c2b3a4920.1333466900.git.nuno.martins@caixamagica.pt>
On Wed, Apr 4, 2012 at 5:16 AM, Nuno Martins
<nuno.martins@caixamagica.pt> wrote:
> net/pidmonitor/Makefile | 3 +
might make sense to prefix files with 'net' tag. Like: net_pidmonitor,
net_proc_monitor.c etc. Because proc_monitor is too generic.
> +static int is_equal_packet_info(struct packetInfo *pi,
It should be 'packet_info' and not 'packetInfo'. Init-char convention
is not used in linux. same goes for portInfo and other structs(if
any).
> +static int insert_address(struct packetInfo *lpi, struct portInfo *port_info)
> +{
> +
> + switch (lpi->protocol) {
> + case IPPROTO_TCP:
> + if (!(port_info->tcp)) {
> + port_info->tcp = kmalloc(sizeof(struct local_addresses_list), GFP_KERNEL);
Do you think it might make sense to pre-alloc a list? or
managing/growing that list would add more pain/code than it's worth?
I'm just thinking in terms of search scalability when memory is
fragmented and we have lots of nodes in the tree.But I'm sure you
must've done some light tests.
> +static struct portInfo *create_packet_info(struct packetInfo *lpi)
> +{
> + struct portInfo *pi = NULL;
> + pi = kmalloc(sizeof(*pi), GFP_KERNEL);
> +
> + if (!pi)
> + return NULL;
> +
> + pi->port = lpi->port;
> + pi->tcp = NULL;
> + pi->tcp_list_counter = 0;
> + pi->udp = NULL;
> + pi->udp_list_counter = 0;
> +
> + insert_address(lpi, pi);
> +
> + return pi;
> +}
> +
Just thinking out loud - what if packet_info and pid were introduced
as part of struct sock or something? The no need to kmalloc.
And at the end of the bind/accept/other-calls-you-intercept-via-probes
you can populate the structs. Then the kprobes could go away too. But
I know nothing about BPF so I can't really comment for sure.
Chetan
next prev parent reply other threads:[~2012-04-04 17:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-04 9:16 [RFC PATCH 0/2] PID-based network traffic monitoring Nuno Martins
2012-04-04 9:16 ` [RFC PATCH 1/2] Multiple filter function support for BPF filters Nuno Martins
2012-04-04 9:16 ` [RFC PATCH 2/2] PID-based packet filtering support Nuno Martins
2012-04-04 17:01 ` chetan loke [this message]
2012-04-05 9:41 ` Nuno Martins
2012-04-05 16:29 ` chetan loke
2012-04-04 18:57 ` chetan loke
2012-04-05 10:30 ` Nuno Martins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAsGZS4Ndue7pVOohEHyWimffZECbjVLF40wiGkGXTswJimPCA@mail.gmail.com \
--to=loke.chetan@gmail.com \
--cc=alfredo.matos@caixamagica.pt \
--cc=netdev@vger.kernel.org \
--cc=nuno.martins@caixamagica.pt \
--cc=paulo.trezentos@caixamagica.pt \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).