Date: Fri, 19 Mar 2010 14:03:22 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Timo Teräs <timo.teras@....fi>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] xfrm: cache bundle lookup results in flow cache

On Fri, Mar 19, 2010 at 07:48:57AM +0200, Timo Teräs wrote:
>
> But it always matches. The caching happens using the inner
> flow. Inner flow always matches with the same bundle unless
> the bundle expires or goes stale. What happens is that I get
> multiple cache entries per-inner flow each referencing to the
> same bundle.

Sorry for being slow, but if it always matches, doesn't that mean you'll only have a single bundle in the policy bundle list? IOW why do we need this at all? Or have I misread your patch? You *are* proposing to cache the last used bundle in the policy, right?

> True. But if we go and prune a bundle due to it being bad or
> needing garbage collection we need to invalidate all bundles
> pointers, and we cannot access the back-pointer. Alternatively

Why can't you access the back-pointer? You should always have a reference held on the policy, either explicit or implicit.

> we need to keep xfrm_dst references again in the flow cache
> requiring an expensive iteration of all flow cache entries
> whenever a xfrm_dst needs to be deleted (which happens often).

So does the IPv4 routing cache. I think what this reflects is just that the IPsec garbage collection mechanism is broken. There is no point in doing a GC on every dst_alloc if we know that it isn't going to go below the threshold. It should gain a minimum GC interval like IPv4. Or perhaps we can move the minimum GC interval check into the dst core.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt