Logging sensitive information from kernel (while atomic and uninterrupted)

Logging sensitive information from kernel (while atomic and uninterrupted)

[Panagiotis Sakkos]

Hi again,

I would like to ask you the possible ways of logging information from the kernel, without
the messages being intercepted from dmesg. Also please note that my implementation uses the kprobes API, so in my probes I am atomic and uninterrupted.


  *   printk sends the logs to the kernel ring buffer, so dmesg will always see them. Hence, printk-ing is not a solution.
  *   Logging to a unix socket (i.e. /dev/log) didn't work (check "Crash when sending a lot of messages through a unix socket" thread).
  *   proc filesystem, I am not sure, but I believe that is not suitable for logging information. It is more for kernel information exposing.

Any other ideas? My problem is that I log sensitive data and any unprivileged user can run dmesg and see the sensitive logs.

Thank you in advance for your time,
Panos
--
http://www.cern.ch/psakkos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120503/e4bf77e7/attachment.html 

Kernel latency for handling the Network traffic

[Suresh Kumar Subramanian]

Hi,

I am building the router based on linux kernel.

The hardware details are below,
2 - 64 bit quad core processor (3Ghz core).
RAM-  24GB RAM.
PCI express slot- connected with Quad Port 100Mbps Ethernet adapter -2. (so total 8 ethernet interfaces)


I just want to calculate the maximum traffic the  router can handle..?.

The maximum traffic could be, also 8  ports(100Mbps) * 2 directions = 1600Mbps.

Can this system(kernel + hardware) handle this much traffic. (Assume the best case)?


I think,  There is calculation to identify the packet processing time in linux kernel (kernel & hw cpu freq). I am not aware of this.

Can some one help me to identify this.

Thanks
Suresh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120503/df8fb07d/attachment.html 

Kernel latency for handling the Network traffic

[michi1 at michaelblizek.twilightparadox.com]

Hi!

On 16:33 Thu 03 May     , Suresh Kumar Subramanian wrote:
> Hi,
> 
> I am building the router based on linux kernel.
> 
> The hardware details are below,
> 2 - 64 bit quad core processor (3Ghz core).
> RAM-  24GB RAM.
> PCI express slot- connected with Quad Port 100Mbps Ethernet adapter -2. (so total 8 ethernet interfaces)
> 
> 
> I just want to calculate the maximum traffic the  router can handle..?.
> 
> The maximum traffic could be, also 8  ports(100Mbps) * 2 directions = 1600Mbps.
> 
> Can this system(kernel + hardware) handle this much traffic. (Assume the best case)?

Yes, it can. I have seen a benchmark which basically said that a single quad
core cpu with ~3GHz was enough for about 4 links with 10 *gigabit* each.

That said, VPNs can slow down processing dramatically, iptables less so. If
you want to saturate links with 10 gigabit, you need to use a special qdisc,
which might prevent you to do QoS.

> I think,  There is calculation to identify the packet processing time in linux kernel (kernel & hw cpu freq). I am not aware of this.

What do you mean?

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com

Kernel latency for handling the Network traffic

[Abu Rasheda]

On Thu, May 3, 2012 at 6:54 AM,
<michi1@michaelblizek.twilightparadox.com> wrote:
> Hi!
>
> On 16:33 Thu 03 May ? ? , Suresh Kumar Subramanian wrote:
>> Hi,
>>
>> I am building the router based on linux kernel.
>>
>> The hardware details are below,
>> 2 - 64 bit quad core processor (3Ghz core).
>> RAM- ?24GB RAM.
>> PCI express slot- connected with Quad Port 100Mbps Ethernet adapter -2. (so total 8 ethernet interfaces)
>>
>>
>> I just want to calculate the maximum traffic the ?router can handle..?.
>>
>> The maximum traffic could be, also 8 ?ports(100Mbps) * 2 directions = 1600Mbps.
>>
>> Can this system(kernel + hardware) handle this much traffic. (Assume the best case)?
>
> Yes, it can. I have seen a benchmark which basically said that a single quad
> core cpu with ~3GHz was enough for about 4 links with 10 *gigabit* each.

What is the packet size ?

Kernel latency for handling the Network traffic

[michi1 at michaelblizek.twilightparadox.com]

Hi!

On 09:47 Thu 03 May     , Abu Rasheda wrote:
> On Thu, May 3, 2012 at 6:54 AM,
> <michi1@michaelblizek.twilightparadox.com> wrote:
> > Hi!
> >
> > On 16:33 Thu 03 May ? ? , Suresh Kumar Subramanian wrote:
> >> Hi,
> >>
> >> I am building the router based on linux kernel.
> >>
> >> The hardware details are below,
> >> 2 - 64 bit quad core processor (3Ghz core).
> >> RAM- ?24GB RAM.
> >> PCI express slot- connected with Quad Port 100Mbps Ethernet adapter -2. (so total 8 ethernet interfaces)
> >>
> >>
> >> I just want to calculate the maximum traffic the ?router can handle..?.
> >>
> >> The maximum traffic could be, also 8 ?ports(100Mbps) * 2 directions = 1600Mbps.
> >>
> >> Can this system(kernel + hardware) handle this much traffic. (Assume the best case)?
> >
> > Yes, it can. I have seen a benchmark which basically said that a single quad
> > core cpu with ~3GHz was enough for about 4 links with 10 *gigabit* each.
> 
> What is the packet size ?

It was ~10 million packets per second with 500 bytes packet size, if I
remember correctly. The speed is highly depending on packet size. Actually
packets per second is actually a better unit than (k/m/g)bits per second. I
mostly care about the 500 bytes packet size values in benchmarks because
this is what I think is a good approximate for the average size in most
networks. However, the 64 byte packet size values might also be interesting
when dealing with "weird" applications or DoS attacks.

	-Michi
-- 
programing a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com

Logging sensitive information from kernel (while atomic and uninterrupted)

[Anirban Roy]

did u check out syslog feature

On 03-May-2012 2:11 PM, "Panagiotis Sakkos" <panos.sakkos@cern.ch> wrote:
>
> Hi again,
>
> I would like to ask you the possible ways of logging information from the
kernel, without
> the messages being intercepted from dmesg. Also please note that my
implementation uses the kprobes API, so in my probes I am atomic and
uninterrupted.
>
> printk sends the logs to the kernel ring buffer, so dmesg will always see
them. Hence, printk-ing is not a solution.
> Logging to a unix socket (i.e. /dev/log) didn't work (check "Crash when
sending a lot of messages through a unix socket" thread).
> proc filesystem, I am not sure, but I believe that is not suitable for
logging information. It is more for kernel information exposing.
> Any other ideas? My problem is that I log sensitive data and any
unprivileged user can run dmesg and see the sensitive logs.
>
> Thank you in advance for your time,
> Panos
> --
> http://www.cern.ch/psakkos
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120504/c4a12e70/attachment.html