All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path)
@ 2020-07-08 13:57 Alexander A. Klimov
  2020-07-08 14:02 ` Jonathan Corbet
  0 siblings, 1 reply; 4+ messages in thread
From: Alexander A. Klimov @ 2020-07-08 13:57 UTC (permalink / raw)
  To: corbet, ast, daniel, davem, kuba, hawk, john.fastabend,
	mchehab+samsung, linux-doc, linux-kernel, netdev, bpf
  Cc: Alexander A. Klimov

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
 Continuing my work started at 93431e0607e5.
 See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master
 (Actually letting a shell for loop submit all this stuff for me.)

 If there are any URLs to be removed completely or at least not HTTPSified:
 Just clearly say so and I'll *undo my change*.
 See also: https://lkml.org/lkml/2020/6/27/64

 If there are any valid, but yet not changed URLs:
 See: https://lkml.org/lkml/2020/6/26/837

 If you apply the patch, please let me know.


 Documentation/arm/ixp4xx.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Documentation/arm/ixp4xx.rst b/Documentation/arm/ixp4xx.rst
index a57235616294..d94188b8624f 100644
--- a/Documentation/arm/ixp4xx.rst
+++ b/Documentation/arm/ixp4xx.rst
@@ -119,14 +119,14 @@ http://www.gateworks.com/support/overview.php
    the expansion bus.
 
 Intel IXDP425 Development Platform
-http://www.intel.com/design/network/products/npfamily/ixdpg425.htm
+https://www.intel.com/design/network/products/npfamily/ixdpg425.htm
 
    This is Intel's standard reference platform for the IXDP425 and is
    also known as the Richfield board. It contains 4 PCI slots, 16MB
    of flash, two 10/100 ports and one ADSL port.
 
 Intel IXDP465 Development Platform
-http://www.intel.com/design/network/products/npfamily/ixdp465.htm
+https://www.intel.com/design/network/products/npfamily/ixdp465.htm
 
    This is basically an IXDP425 with an IXP465 and 32M of flash instead
    of just 16.
-- 
2.27.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path)
  2020-07-08 13:57 [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path) Alexander A. Klimov
@ 2020-07-08 14:02 ` Jonathan Corbet
  2020-07-08 18:58   ` Alexander A. Klimov
  0 siblings, 1 reply; 4+ messages in thread
From: Jonathan Corbet @ 2020-07-08 14:02 UTC (permalink / raw)
  To: Alexander A. Klimov
  Cc: ast, daniel, davem, kuba, hawk, john.fastabend, mchehab+samsung,
	linux-doc, linux-kernel, netdev, bpf

On Wed,  8 Jul 2020 15:57:37 +0200
"Alexander A. Klimov" <grandmaster@al2klimov.de> wrote:

>  Documentation/arm/ixp4xx.rst | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

That's not XDP; something went awry in there somewhere.

jon

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path)
  2020-07-08 14:02 ` Jonathan Corbet
@ 2020-07-08 18:58   ` Alexander A. Klimov
  2020-07-09 11:26     ` Jesper Dangaard Brouer
  0 siblings, 1 reply; 4+ messages in thread
From: Alexander A. Klimov @ 2020-07-08 18:58 UTC (permalink / raw)
  To: Jonathan Corbet
  Cc: ast, daniel, davem, kuba, hawk, john.fastabend, mchehab+samsung,
	linux-doc, linux-kernel, netdev, bpf



Am 08.07.20 um 16:02 schrieb Jonathan Corbet:
> On Wed,  8 Jul 2020 15:57:37 +0200
> "Alexander A. Klimov" <grandmaster@al2klimov.de> wrote:
> 
>>   Documentation/arm/ixp4xx.rst | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> That's not XDP; something went awry in there somewhere.
RoFL. Now as you said it I... noticed it at all... (*sigh*, the curse of
automation) and I absolutely agree with you. But I've literally no idea...

➜  linux git:(master) perl scripts/get_maintainer.pl --nogit{,-fallback} 
--nol 0003-Replace-HTTP-links-with-HTTPS-ones-XDP-eXpress-Data-.patch
Jonathan Corbet <corbet@lwn.net> (maintainer:DOCUMENTATION)
Alexei Starovoitov <ast@kernel.org> (supporter:XDP (eXpress Data Path))
Daniel Borkmann <daniel@iogearbox.net> (supporter:XDP (eXpress Data Path))
"David S. Miller" <davem@davemloft.net> (supporter:XDP (eXpress Data Path))
Jakub Kicinski <kuba@kernel.org> (supporter:XDP (eXpress Data Path))
Jesper Dangaard Brouer <hawk@kernel.org> (supporter:XDP (eXpress Data Path))
John Fastabend <john.fastabend@gmail.com> (supporter:XDP (eXpress Data 
Path))
➜  linux git:(master) cat 
0003-Replace-HTTP-links-with-HTTPS-ones-XDP-eXpress-Data-.patch
 From 40aee4678ab84b925ab21581030a2cc0b988fbf9 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <grandmaster@al2klimov.de>
Date: Wed, 8 Jul 2020 08:00:39 +0200
Subject: [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path)

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
   If not .svg:
     For each line:
       If doesn't contain `\bxmlns\b`:
         For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
             If both the HTTP and HTTPS versions
             return 200 OK and serve the same content:
               Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
  Documentation/arm/ixp4xx.rst | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Documentation/arm/ixp4xx.rst b/Documentation/arm/ixp4xx.rst
index a57235616294..d94188b8624f 100644
--- a/Documentation/arm/ixp4xx.rst
+++ b/Documentation/arm/ixp4xx.rst
@@ -119,14 +119,14 @@ http://www.gateworks.com/support/overview.php
     the expansion bus.

  Intel IXDP425 Development Platform
-http://www.intel.com/design/network/products/npfamily/ixdpg425.htm
+https://www.intel.com/design/network/products/npfamily/ixdpg425.htm

     This is Intel's standard reference platform for the IXDP425 and is
     also known as the Richfield board. It contains 4 PCI slots, 16MB
     of flash, two 10/100 ports and one ADSL port.

  Intel IXDP465 Development Platform
-http://www.intel.com/design/network/products/npfamily/ixdp465.htm
+https://www.intel.com/design/network/products/npfamily/ixdp465.htm

     This is basically an IXDP425 with an IXP465 and 32M of flash instead
     of just 16.
--
2.27.0

➜  linux git:(master)

> 
> jon
> 

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path)
  2020-07-08 18:58   ` Alexander A. Klimov
@ 2020-07-09 11:26     ` Jesper Dangaard Brouer
  0 siblings, 0 replies; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2020-07-09 11:26 UTC (permalink / raw)
  To: Alexander A. Klimov
  Cc: Jonathan Corbet, ast, daniel, davem, kuba, hawk, john.fastabend,
	mchehab+samsung, linux-doc, linux-kernel, netdev, bpf

On Wed, 8 Jul 2020 20:58:39 +0200
"Alexander A. Klimov" <grandmaster@al2klimov.de> wrote:

> Am 08.07.20 um 16:02 schrieb Jonathan Corbet:
> > On Wed,  8 Jul 2020 15:57:37 +0200
> > "Alexander A. Klimov" <grandmaster@al2klimov.de> wrote:
> >   
> >>   Documentation/arm/ixp4xx.rst | 4 ++--
> >>   1 file changed, 2 insertions(+), 2 deletions(-)  
> > 
> > That's not XDP; something went awry in there somewhere.  
>
> RoFL. Now as you said it I... noticed it at all... (*sigh*, the curse of
> automation) and I absolutely agree with you. But I've literally no idea...

Yes, we know that scripts/get_maintainer.pl gives false positives for
XDP, but we choose this to capture drivers that implement XDP.

As you can see here, the chip name IXDP425 contains "XDP", which is why
it matches...

 
> ➜  linux git:(master) perl scripts/get_maintainer.pl --nogit{,-fallback} 
> --nol 0003-Replace-HTTP-links-with-HTTPS-ones-XDP-eXpress-Data-.patch
> Jonathan Corbet <corbet@lwn.net> (maintainer:DOCUMENTATION)
> Alexei Starovoitov <ast@kernel.org> (supporter:XDP (eXpress Data Path))
> Daniel Borkmann <daniel@iogearbox.net> (supporter:XDP (eXpress Data Path))
> "David S. Miller" <davem@davemloft.net> (supporter:XDP (eXpress Data Path))
> Jakub Kicinski <kuba@kernel.org> (supporter:XDP (eXpress Data Path))
> Jesper Dangaard Brouer <hawk@kernel.org> (supporter:XDP (eXpress Data Path))
> John Fastabend <john.fastabend@gmail.com> (supporter:XDP (eXpress Data 
> Path))
> ➜  linux git:(master) cat 
> 0003-Replace-HTTP-links-with-HTTPS-ones-XDP-eXpress-Data-.patch
>  From 40aee4678ab84b925ab21581030a2cc0b988fbf9 Mon Sep 17 00:00:00 2001
> From: "Alexander A. Klimov" <grandmaster@al2klimov.de>
> Date: Wed, 8 Jul 2020 08:00:39 +0200
> Subject: [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path)
> 
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>    If not .svg:
>      For each line:
>        If doesn't contain `\bxmlns\b`:
>          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> 	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>              If both the HTTP and HTTPS versions
>              return 200 OK and serve the same content:
>                Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
> ---
>   Documentation/arm/ixp4xx.rst | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/arm/ixp4xx.rst b/Documentation/arm/ixp4xx.rst
> index a57235616294..d94188b8624f 100644
> --- a/Documentation/arm/ixp4xx.rst
> +++ b/Documentation/arm/ixp4xx.rst
> @@ -119,14 +119,14 @@ http://www.gateworks.com/support/overview.php
>      the expansion bus.
> 
>   Intel IXDP425 Development Platform
> -http://www.intel.com/design/network/products/npfamily/ixdpg425.htm
> +https://www.intel.com/design/network/products/npfamily/ixdpg425.htm
> 
>      This is Intel's standard reference platform for the IXDP425 and is
>      also known as the Richfield board. It contains 4 PCI slots, 16MB
>      of flash, two 10/100 ports and one ADSL port.
> 
>   Intel IXDP465 Development Platform
> -http://www.intel.com/design/network/products/npfamily/ixdp465.htm
> +https://www.intel.com/design/network/products/npfamily/ixdp465.htm
> 
>      This is basically an IXDP425 with an IXP465 and 32M of flash instead
>      of just 16.
> --
> 2.27.0


-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-07-09 11:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-08 13:57 [PATCH] Replace HTTP links with HTTPS ones: XDP (eXpress Data Path) Alexander A. Klimov
2020-07-08 14:02 ` Jonathan Corbet
2020-07-08 18:58   ` Alexander A. Klimov
2020-07-09 11:26     ` Jesper Dangaard Brouer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.