| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Aug 2012 09:19:32 -0700 From: Bruce Curtis <brutus@...gle.com> To: Bill Fink <billfink@...dspring.com> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org Subject: Re: [PATCH v2] net-tcp: TCP/IP stack bypass for loopback connections Re-sending due to vger.kernel.org rejecting HTML On Mon, Aug 13, 2012 at 11:31 PM, Bill Fink <billfink@...dspring.com> wrote: > > On Thu, 9 Aug 2012, Bruce "Brutus" Curtis wrote: > > > From: "Bruce \"Brutus\" Curtis" <brutus@...gle.com> > > > > TCP/IP loopback socket pair stack bypass, based on an idea by, and > > rough upstream patch from, David Miller <davem@...emloft.net> called > > "friends", the data structure modifcations and connection scheme are > > reused with extensive data-path changes. > > > > A new sysctl, net.ipv4.tcp_friends, is added: > > 0: disable friends and use the stock data path. > > 1: enable friends and bypass the stack data path, the default. > > The following is from a user perspective, since I am not > intimately familiar with the internals of the TCP stack. > > I think tcp_friends is a poor name from a user POV. > Something like tcp_bypass would be much better. > > I also believe it should be disabled by default, as that is > the current behavior, and those who would gain an advantage > from using it can easily enable it. > > Changing the behavior would violate the principle of least > surprise. Loopback TCP testing of an application or system > is often a useful first step in evaluating its behavior and > performance. If the TCP stack is bypassed, it will give a > very false impression when such tests are performed. > > Does it preserve all TCP semantics for applications, including > things like urgent data, ancillary data, and TCP socket options > and ioctls. If it doesn't, it shouldn't be the default, and it > should be documented what features do and don't work when > tcp_bypass is enabled. If all TCP semantics are unchanged, > that would also be good to know and document. > > And there's the already mentioned issue of breaking tcpdump > and related tools. > > While this could be a very useful feature in some environments, > it seems to me it would be safest to have it disabled by default. > > -Bill > 1) tcp_friends vs tcp_bypass, the average user will not need to know about this tunable so if there's consensus that it needs to be changed, change it? 2) this is a throughput/latency advantage for most (all?) so it benefits most (all?) production environments 3) as for breaking tcpdump and ... Again, it does maintain the connection establishment and finish packet flow so for most TCP connection related interpose uses this should work and be documented but if your trying to debug TCP's protocol state-machine, network emulation, ... then Yes a user would need to disable but IMHO this is the exception 4) all TCP socket semantics are maintained and if not it's a bug and needs to be fixed > > Note, when friends is enabled any loopback interpose, e.g. tcpdump, > > will only see the TCP/IP packets during connection establishment and > > finish, all data bypasses the stack and instead is delivered to the > > destination socket directly. > > > > Testing done on a 4 socket 2.2GHz "Quad-Core AMD Opteron(tm) Processor > > 8354 CPU" based system, netperf results for a single connection show > > increased TCP_STREAM throughput, increased TCP_RR and TCP_CRR > > transaction > > rate for most message sizes vs baseline and comparable to AF_UNIX. > > > > Significant increase (up to 4.88x) in aggregate throughput for multiple > > netperf runs (STREAM 32KB I/O x N) is seen. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists