lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 31 Jul 2015 16:52:09 -0700
From:	Tom Herbert <tom@...bertland.com>
To:	<davem@...emloft.net>, <netdev@...r.kernel.org>
CC:	<kernel-team@...com>
Subject: [PATCH v2 net-next 0/5] ipv6: Turn on auto IPv6 flow labels by default

BSD (MacOS) has already turned on flow labels by default and this does
not seem to be causing any problems in the Internet. Let's go ahead
and turn them on by default. We'll continue to monitor for any devices
start choking on them.

Flow labels are important since they are the desired solution for
network devices to perform ECMP and RSS (RFC6437 and RFC6438).
Traditionally, devices perform a 5-tuple hash on packets that
includes port numbers. For the most part, these devices can only
compute 5-tuple hashes for TCP and UDP. This severely limits our ability
to get good network load balancing for other protocols (IPIP, GRE,ESP,
etc.), and hence we are limited in using other protocols. Unfortunately,
this method is accepted as the de facto standard to the extent that
there are several proposals to encapsulate protocols in UDP _just_ for
the purposes for getting ECMP to work. With hosts generating flow labels
and devices taking them as input into ECMP (several already do), we can
start to fix this fundamental problem. 

This patch set:
 - Changes IPV6_FLOWINFO sockopt to be opt-out of flow labels for
   connections rather than opt-in
 - Disable flow label state ranges sysctl by default
 - Enable auto flow labels sysctl by default

v2:
  - Added functions to create an skb->hash based on flowi4 and flowi6.
    These are called in output path when creating a packet
  - Call skb_get_hash_flowi6 in ip6_make_flowlabel
  - Implement the auto_flowlabels sysctl as a mode for auto flowlabels.
    There are four modes which correspond to flow labels being enabled
    and whether socket option can be used to opt in or opt out of
    using them

Tom Herbert (5):
  net: Add functions to get skb->hash based on flow structures
  ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel
  ipv6: Implement different admin modes for automatic flow labels
  ipv6: Disable flowlabel state ranges by default
  ipv6: Enable auto flow labels by default

 Documentation/networking/ip-sysctl.txt | 20 +++++++----
 include/linux/skbuff.h                 | 21 ++++++++++++
 include/net/ipv6.h                     | 62 ++++++++++++++++++++++++++--------
 net/core/flow_dissector.c              | 58 ++++++++++++++++++++++++++++---
 net/ipv6/af_inet6.c                    |  5 +--
 net/ipv6/ip6_gre.c                     |  5 +--
 net/ipv6/ip6_output.c                  |  4 +--
 net/ipv6/ip6_tunnel.c                  |  2 +-
 net/ipv6/sysctl_net_ipv6.c             |  7 +++-
 9 files changed, 151 insertions(+), 33 deletions(-)

-- 
1.8.5.6

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ