lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 12 Apr 2015 20:36:18 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	alexei.starovoitov@...il.com
Cc:	jiri@...nulli.us, netdev@...r.kernel.org, jhs@...atatu.com,
	tgraf@...g.ch, jesse@...ira.com
Subject: Re: [patch net-next v3] tc: introduce OpenFlow classifier

From: Alexei Starovoitov <alexei.starovoitov@...il.com>
Date: Sun, 12 Apr 2015 17:12:13 -0700

> On Sun, Apr 12, 2015 at 07:44:43PM -0400, David Miller wrote:
>> From: Jiri Pirko <jiri@...nulli.us>
>> Date: Sun, 12 Apr 2015 09:53:51 +0200
>> 
>> > Sat, Apr 11, 2015 at 06:12:25PM CEST, alexei.starovoitov@...il.com wrote:
>> >>On Fri, Apr 10, 2015 at 02:45:17PM +0200, Jiri Pirko wrote:
>> >>> Okay. That was misunderstanding. I was thinking about using existing
>> >>> flow_dissect. There are couple things which I'm scared of:
>> >>> - there are eventually many fields to be added to dissection function and to
>> >>>   the structure as well. Not sure how acceptable that would be for
>> >>>   performance reasons when flow_dissect is used by different users...
>> >>
>> >>I share the same concern. I think flow_dissect is too performance
>> >>critical to reuse by expanding 'struct flow_keys'.
>> >>I think it would be better to generalize ovs's key_extract() into
>> >>common piece of code that TC classifier and ovs datapath can use.
>> >>It uses kernel internal 'struct sw_flow_key' which we can tweak to
>> >>accommodate more users. It's already gigantic at 392 bytes, so
>> >>split and a bit of diet would help too.
>> > 
>> > Yep, those are few next topics on my agenda.
>> 
>> This argument kinda ignores the fact that full flow dissection is run
>> on _every_ single RX packet on basically all Intel chipsets.
>> 
>> Therefore, I cannot take seriously someone saying that it is too much
>> overhead for a classifier.
> 
> I was taking about different thing. skb_flow_dissect() today is fast,
> because it needs to copy very few fields into flow_keys, whereas
> Jiri's classifier and ovs's key_extract copy pretty much everything
> they see in the packet into gigantic sw_flow_key and that gigantic
> struct is used a lookup key. Parsing itself is cheap, comparing to
> copying everything.

It's easy to parameterize what flow dissector does and share code.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists