lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Apr 2015 17:12:13 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: David Miller <davem@...emloft.net> Cc: jiri@...nulli.us, netdev@...r.kernel.org, jhs@...atatu.com, tgraf@...g.ch, jesse@...ira.com Subject: Re: [patch net-next v3] tc: introduce OpenFlow classifier On Sun, Apr 12, 2015 at 07:44:43PM -0400, David Miller wrote: > From: Jiri Pirko <jiri@...nulli.us> > Date: Sun, 12 Apr 2015 09:53:51 +0200 > > > Sat, Apr 11, 2015 at 06:12:25PM CEST, alexei.starovoitov@...il.com wrote: > >>On Fri, Apr 10, 2015 at 02:45:17PM +0200, Jiri Pirko wrote: > >>> Okay. That was misunderstanding. I was thinking about using existing > >>> flow_dissect. There are couple things which I'm scared of: > >>> - there are eventually many fields to be added to dissection function and to > >>> the structure as well. Not sure how acceptable that would be for > >>> performance reasons when flow_dissect is used by different users... > >> > >>I share the same concern. I think flow_dissect is too performance > >>critical to reuse by expanding 'struct flow_keys'. > >>I think it would be better to generalize ovs's key_extract() into > >>common piece of code that TC classifier and ovs datapath can use. > >>It uses kernel internal 'struct sw_flow_key' which we can tweak to > >>accommodate more users. It's already gigantic at 392 bytes, so > >>split and a bit of diet would help too. > > > > Yep, those are few next topics on my agenda. > > This argument kinda ignores the fact that full flow dissection is run > on _every_ single RX packet on basically all Intel chipsets. > > Therefore, I cannot take seriously someone saying that it is too much > overhead for a classifier. I was taking about different thing. skb_flow_dissect() today is fast, because it needs to copy very few fields into flow_keys, whereas Jiri's classifier and ovs's key_extract copy pretty much everything they see in the packet into gigantic sw_flow_key and that gigantic struct is used a lookup key. Parsing itself is cheap, comparing to copying everything. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists