Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Mar 2002 21:15:20 -0800
From:      Bill Fumerola <billf@mu.org>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        Julian Elischer <julian@elischer.org>, Terry Lambert <tlambert2@mindspring.com>, green@freebsd.org, net@freebsd.org, hackers@freebsd.org
Subject:   Re: in_pcblookup_hash() called multiple times
Message-ID:  <20020308051520.GB803@elvis.mu.org>
In-Reply-To: <Pine.NEB.3.96L.1020307225650.32978J-100000@fledge.watson.org>
References:  <20020308033724.GZ803@elvis.mu.org> <Pine.NEB.3.96L.1020307225650.32978J-100000@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 07, 2002 at 11:03:19PM -0500, Robert Watson wrote:
> A couple of comments:
> 
> - You can always cache the pcb the first time it's used, and then have it
>   available for future use.  I agree with your concerns about generating
>   it every time -- that would be a disaster for routers where no packets
>   are even delivered locally. :-) 

you can't cache it and make it available for future use without making
the invasive changes that i mention:

> > first, having a uid or gid rule in your ipfw ruleset (or even running
> > ipfw) certainly isn't the common case. we're now going to bloat the
> > ip_fw_chk() calls protocol handler calls to add an arguement that 99%
                     ^-- "and"
> > of time is going to be NULL. then you have to bloat the protocol handlers
> > to check if that pointer, that is NULL 99% of the time, isn't NULL.

i think that ip_fw_chk() taking _8_ arguments is getting a bit obscene.
adding another one to the protocol handlers doesn't seem like a great
idea either.

we're talking about an optimization that less then .1% of our userbase
will ever take advantage of v. a pessimization (additional argument in
the protocol handler + check of that arguement in the handler) in the
critical path of packet delivery in ALL cases (even kernels w/o ipfw).

it's just not worth it.

with ipfw cacheing the pcb lookup + credential check and w/o terry's
patch, the worst case would be a ruleset with any uid/gid rules: a pcb
lookup being done twice (once ever in ipfw, once in the protocol handler).

that's really not so bad compared with the current behavior with uid/gid
rules where the lookup is done of a lot of times (as many uid/gid rules
you walk through before you match) in ipfw and once in the protocol
handler.

> - The uid/gid code is broken for a number of important applications,
>   including SSH forwarding, because SSHd binds the socket using a root
>   credential rather than the user credential.  Arguably, this is a bug
>   with SSHd, and it also breaks a number of other things including the MAC
>   support we're adding to 5.0-CURRENT.  Also, it had some *evil* bugs
>   involving NFS that I recently fixed in 5.0-CURRENT, where sockets were
>   rebound using the credential of the user making the VFS operation,
>   resulting in ipfw uid/gid rules dropping/rate-limiting file system
>   requests for all users.  For those running into the whole sshd tunnel
>   and ident problem, it's the same cause. 

i would like to make my cache have the proper credential(s) rather then
just cache the current socket credentials cr_uid, if that's wrong.

please let me know privately just what exactly i should be comparing
against (or functions i should be using, if an API exists now) in -current
with the changes to credentials.

when i mfc the cache, i'll just keep the current uid comparing behavior.

-- 
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
- my anger management counselor can beat up your self-affirmation therapist



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020308051520.GB803>