Open Source Computing

Week 13, Apr 20


Individual Assignment 2

On Sakai, due Wednesday of Week 14

IBM Employee ordered to stop working on Linux kernel under own name

git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=4acd47644ef1e1c8f8f5bc40b7cf1c5b9bcbbc4e

Exactly what is going on here is unclear; perhaps the manager simply wanted Lijun Pan to use an IBM email address.

Ycombinator comments here.


Linux security

    Supply-chain attacks and SolarWinds

  1. This was a closed-source attack
  2. The attack was very subtle, and we should all be very afraid

    Decompress, PyYAML, octopus, lodash, Thompson

Jason Polakis talk at noon today: instrumenting Chromium

Linux source

Brief overview of TCP

Start with af_inet.c::tcp_protocol() and tcp_ipv4::tcp_v4_rcv
    => __inet_lookup_skb => __inet_lookup()
    => tcp_v4_do_rcv
        =>     tcp_rcv_established() | tcp_v4_hnd_req(sk, skb) | tcp_child_process
        =>     tcp_input.c::tcp_rcv_state_process()
                    -> icsk->icsk_af_ops->conn_request(sk, skb)
        == tcp_v4_conn_request()        // see table at tcp_ipv4.c::line 1758

tcp_v4_hnd_req():
    inet_csk_search_req: this is looking for the "request socket", a mini-socket with additional info
    tcp_check_req: checks if there is space in the accept queue
    inet_lookup_established: we *did* just call this: same as __inet_lookup_established with hnum=dport
    main path: ends up returning sk

Caller is tcp_v4_do_rcv();
    caller falls through to tcp_rcv_state_process
        -> icsk->icsk_af_ops->conn_request(sk, skb)
        == tcp_v4_conn_request()        // see table at tcp_ipv4.c::line 1758

tcp_v4_conn_request():        // handles incoming SYN
    // error cases first
    tcp_clear_options();
    tcp_parse_options;
    tcp_openreq_init
    save saddr/daddr in ireq, which is a cast of req, which is a struct request_sock.

    saves req using inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);    // csk = Connected SocKet
    see also inet_csk_search_req
    calls __tcp_v4_send_synack

tcp_input.c:
    int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb)    // called by tcp_v4_do_rcv for states besides ESTABLISHED, LISTEN
    ESTABLISHED: tcp_data_queue()

Brief overview of HTB

htb_classify()

htb_dequeue()

    jiffies

    htb_dequeue_tree()