lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Apr 2015 20:36:18 -0400 (EDT) From: David Miller <davem@...emloft.net> To: alexei.starovoitov@...il.com Cc: jiri@...nulli.us, netdev@...r.kernel.org, jhs@...atatu.com, tgraf@...g.ch, jesse@...ira.com Subject: Re: [patch net-next v3] tc: introduce OpenFlow classifier From: Alexei Starovoitov <alexei.starovoitov@...il.com> Date: Sun, 12 Apr 2015 17:12:13 -0700 > On Sun, Apr 12, 2015 at 07:44:43PM -0400, David Miller wrote: >> From: Jiri Pirko <jiri@...nulli.us> >> Date: Sun, 12 Apr 2015 09:53:51 +0200 >> >> > Sat, Apr 11, 2015 at 06:12:25PM CEST, alexei.starovoitov@...il.com wrote: >> >>On Fri, Apr 10, 2015 at 02:45:17PM +0200, Jiri Pirko wrote: >> >>> Okay. That was misunderstanding. I was thinking about using existing >> >>> flow_dissect. There are couple things which I'm scared of: >> >>> - there are eventually many fields to be added to dissection function and to >> >>> the structure as well. Not sure how acceptable that would be for >> >>> performance reasons when flow_dissect is used by different users... >> >> >> >>I share the same concern. I think flow_dissect is too performance >> >>critical to reuse by expanding 'struct flow_keys'. >> >>I think it would be better to generalize ovs's key_extract() into >> >>common piece of code that TC classifier and ovs datapath can use. >> >>It uses kernel internal 'struct sw_flow_key' which we can tweak to >> >>accommodate more users. It's already gigantic at 392 bytes, so >> >>split and a bit of diet would help too. >> > >> > Yep, those are few next topics on my agenda. >> >> This argument kinda ignores the fact that full flow dissection is run >> on _every_ single RX packet on basically all Intel chipsets. >> >> Therefore, I cannot take seriously someone saying that it is too much >> overhead for a classifier. > > I was taking about different thing. skb_flow_dissect() today is fast, > because it needs to copy very few fields into flow_keys, whereas > Jiri's classifier and ovs's key_extract copy pretty much everything > they see in the packet into gigantic sw_flow_key and that gigantic > struct is used a lookup key. Parsing itself is cheap, comparing to > copying everything. It's easy to parameterize what flow dissector does and share code. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists