Date: Thu, 7 Mar 2002 21:15:20 -0800 From: Bill Fumerola <billf@mu.org> To: Robert Watson <rwatson@freebsd.org> Cc: Julian Elischer <julian@elischer.org>, Terry Lambert <tlambert2@mindspring.com>, green@freebsd.org, net@freebsd.org, hackers@freebsd.org Subject: Re: in_pcblookup_hash() called multiple times Message-ID: <20020308051520.GB803@elvis.mu.org> In-Reply-To: <Pine.NEB.3.96L.1020307225650.32978J-100000@fledge.watson.org> References: <20020308033724.GZ803@elvis.mu.org> <Pine.NEB.3.96L.1020307225650.32978J-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 07, 2002 at 11:03:19PM -0500, Robert Watson wrote:
> A couple of comments:
>
> - You can always cache the pcb the first time it's used, and then have it
> available for future use. I agree with your concerns about generating
> it every time -- that would be a disaster for routers where no packets
> are even delivered locally. :-)
you can't cache it and make it available for future use without making
the invasive changes that i mention:
> > first, having a uid or gid rule in your ipfw ruleset (or even running
> > ipfw) certainly isn't the common case. we're now going to bloat the
> > ip_fw_chk() calls protocol handler calls to add an arguement that 99%
^-- "and"
> > of time is going to be NULL. then you have to bloat the protocol handlers
> > to check if that pointer, that is NULL 99% of the time, isn't NULL.
i think that ip_fw_chk() taking _8_ arguments is getting a bit obscene.
adding another one to the protocol handlers doesn't seem like a great
idea either.
we're talking about an optimization that less then .1% of our userbase
will ever take advantage of v. a pessimization (additional argument in
the protocol handler + check of that arguement in the handler) in the
critical path of packet delivery in ALL cases (even kernels w/o ipfw).
it's just not worth it.
with ipfw cacheing the pcb lookup + credential check and w/o terry's
patch, the worst case would be a ruleset with any uid/gid rules: a pcb
lookup being done twice (once ever in ipfw, once in the protocol handler).
that's really not so bad compared with the current behavior with uid/gid
rules where the lookup is done of a lot of times (as many uid/gid rules
you walk through before you match) in ipfw and once in the protocol
handler.
> - The uid/gid code is broken for a number of important applications,
> including SSH forwarding, because SSHd binds the socket using a root
> credential rather than the user credential. Arguably, this is a bug
> with SSHd, and it also breaks a number of other things including the MAC
> support we're adding to 5.0-CURRENT. Also, it had some *evil* bugs
> involving NFS that I recently fixed in 5.0-CURRENT, where sockets were
> rebound using the credential of the user making the VFS operation,
> resulting in ipfw uid/gid rules dropping/rate-limiting file system
> requests for all users. For those running into the whole sshd tunnel
> and ident problem, it's the same cause.
i would like to make my cache have the proper credential(s) rather then
just cache the current socket credentials cr_uid, if that's wrong.
please let me know privately just what exactly i should be comparing
against (or functions i should be using, if an API exists now) in -current
with the changes to credentials.
when i mfc the cache, i'll just keep the current uid comparing behavior.
--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
- my anger management counselor can beat up your self-affirmation therapist
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020308051520.GB803>