lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 12 Apr 2015 17:12:13 -0700
From:	Alexei Starovoitov <alexei.starovoitov@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	jiri@...nulli.us, netdev@...r.kernel.org, jhs@...atatu.com,
	tgraf@...g.ch, jesse@...ira.com
Subject: Re: [patch net-next v3] tc: introduce OpenFlow classifier

On Sun, Apr 12, 2015 at 07:44:43PM -0400, David Miller wrote:
> From: Jiri Pirko <jiri@...nulli.us>
> Date: Sun, 12 Apr 2015 09:53:51 +0200
> 
> > Sat, Apr 11, 2015 at 06:12:25PM CEST, alexei.starovoitov@...il.com wrote:
> >>On Fri, Apr 10, 2015 at 02:45:17PM +0200, Jiri Pirko wrote:
> >>> Okay. That was misunderstanding. I was thinking about using existing
> >>> flow_dissect. There are couple things which I'm scared of:
> >>> - there are eventually many fields to be added to dissection function and to
> >>>   the structure as well. Not sure how acceptable that would be for
> >>>   performance reasons when flow_dissect is used by different users...
> >>
> >>I share the same concern. I think flow_dissect is too performance
> >>critical to reuse by expanding 'struct flow_keys'.
> >>I think it would be better to generalize ovs's key_extract() into
> >>common piece of code that TC classifier and ovs datapath can use.
> >>It uses kernel internal 'struct sw_flow_key' which we can tweak to
> >>accommodate more users. It's already gigantic at 392 bytes, so
> >>split and a bit of diet would help too.
> > 
> > Yep, those are few next topics on my agenda.
> 
> This argument kinda ignores the fact that full flow dissection is run
> on _every_ single RX packet on basically all Intel chipsets.
> 
> Therefore, I cannot take seriously someone saying that it is too much
> overhead for a classifier.

I was taking about different thing. skb_flow_dissect() today is fast,
because it needs to copy very few fields into flow_keys, whereas
Jiri's classifier and ovs's key_extract copy pretty much everything
they see in the packet into gigantic sw_flow_key and that gigantic
struct is used a lookup key. Parsing itself is cheap, comparing to
copying everything.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists