Date:	Mon, 06 Jan 2014 16:41:40 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	eric.dumazet@...il.com
Cc:	sathya.perla@...lex.com, netdev@...r.kernel.org,
	edumazet@...gle.com, stephen@...workplumber.org
Subject: Re: [PATCH net-next] vxlan: keep original skb ownership

From: Eric Dumazet <eric.dumazet@...il.com>
Date: Mon, 06 Jan 2014 09:54:31 -0800

> From: Eric Dumazet <edumazet@...gle.com>
> 
> Sathya Perla posted a patch trying to address the following problem:
> 
> <quote>
>  The vxlan driver sets itself as the socket owner for all the TX flows
>  it encapsulates (using vxlan_set_owner()) and assigns its own skb
>  destructor. This causes all tunneled traffic to land up on only one TXQ
>  as all encapsulated skbs refer to the vxlan socket and not the original
>  socket.  Also, the vxlan skb destructor breaks some functionality for
>  tunneled traffic like wmem accounting and as TCP small queues and
>  FQ/pacing packet scheduler.
> </quote>
> 
> I reworked Sathya's patch and added some explanations.
> 
> vxlan_xmit() can avoid one skb_clone()/dev_kfree_skb() pair
> and gain better drop monitor accuracy, by calling kfree_skb() when
> appropriate.
> 
> The UDP socket used by vxlan to perform encapsulation of xmit packets
> does not need to be alive while packets leave vxlan code. It's better
> to keep original socket ownership to get proper feedback from qdisc and
> NIC layers.
> 
> We use skb->sk to 
> 
> A) control amount of bytes/packets queued on behalf of a socket, but
> prior vxlan code did the skb->sk transfer without any limit/control
> on vxlan socket sk_sndbuf.
> 
> B) security purposes (as selinux) or netfilter uses, and I do not think
> anything is prepared to handle vxlan stacked case in this area.
> 
> By not changing ownership, vxlan tunnels behave like other tunnels.
> As Stephen mentioned, we might do the same change in L2TP.
> 
> Reported-by: Sathya Perla <sathya.perla@...lex.com>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>

Applied, thanks a lot Eric.
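
Added example, not part of this thread or of the kernel patch: a user-space C model of point A in the quoted commit message, showing that a sender stays bounded by its send buffer only while skb->sk keeps pointing at the original socket. The `model_*` helpers, `send_burst()` and the sizes used are assumptions made for illustration; they imitate, in simplified form, what sock_wfree(), skb_set_owner_w() and skb_orphan() do.

```c
/* User-space model, NOT kernel code; all names here are illustrative. */
#include <stdio.h>

struct sock { int wmem_alloc, sndbuf; };
struct skb  { struct sock *sk; int truesize; void (*destructor)(struct skb *); };

/* Like sock_wfree(): give the charged bytes back to the owning socket. */
static void model_wfree(struct skb *s) { s->sk->wmem_alloc -= s->truesize; }
/* Like skb_set_owner_w(): charge the skb to the sending socket. */
static void model_set_owner_w(struct skb *s, struct sock *sk)
{
    s->sk = sk;
    s->destructor = model_wfree;
    sk->wmem_alloc += s->truesize;
}

/* Like skb_orphan(): run the destructor now and drop the owner. */
static void model_orphan(struct skb *s)
{
    if (s->destructor)
        s->destructor(s);
    s->sk = NULL;
    s->destructor = NULL;
}

/* Queue up to n packets that stay in flight; returns how many app could queue. */
static int send_burst(struct sock *app, struct sock *tunnel, int n, int len, int keep_owner)
{
    static struct skb pool[64];
    int sent = 0;
    for (int i = 0; i < n && i < 64; i++) {
        if (app->wmem_alloc + len > app->sndbuf)
            break;                      /* sender is throttled */
        pool[i].truesize = len;
        model_set_owner_w(&pool[i], app);
        if (!keep_owner) {              /* old behaviour: tunnel becomes owner */
            model_orphan(&pool[i]);     /* app's charge is released early */
            pool[i].sk = tunnel;        /* nothing is charged to the tunnel */
        }
        sent++;
    }
    return sent;
}

int main(void)
{
    struct sock app = { 0, 4000 }, tun = { 0, 4000 };   /* constructed sizes */
    printf("owner moved: %d queued\n", send_burst(&app, &tun, 10, 1000, 0));
    printf("owner kept:  %d queued\n", send_burst(&app, &tun, 10, 1000, 1));
}
```

With ownership moved, neither socket carries a charge for the queued packets, so the burst is never throttled; with ownership kept, the sender stops once its own send buffer is full.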