lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6629177f6b4c7_1a76072949b@willemb.c.googlers.com.notmuch>
Date: Wed, 24 Apr 2024 10:30:23 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Felix Fietkau <nbd@....name>, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>, 
 Paolo Abeni <pabeni@...hat.com>, 
 Eric Dumazet <edumazet@...gle.com>
Cc: netdev@...r.kernel.org, 
 "David S. Miller" <davem@...emloft.net>, 
 Jakub Kicinski <kuba@...nel.org>, 
 David Ahern <dsahern@...nel.org>, 
 linux-kernel@...r.kernel.org
Subject: Re: [RFC] net: add TCP fraglist GRO support

Felix Fietkau wrote:
> On 24.04.24 03:24, Willem de Bruijn wrote:
> > Felix Fietkau wrote:
> >> On 23.04.24 16:34, Paolo Abeni wrote:
> >> > On Tue, 2024-04-23 at 14:23 +0200, Felix Fietkau wrote:
> >> >> On 23.04.24 14:11, Eric Dumazet wrote:
> >> >> > On Tue, Apr 23, 2024 at 1:55 PM Felix Fietkau <nbd@....name> wrote:
> >> >> > > 
> >> >> > > In the world of consumer-grade WiFi devices, there are a lot of chipsets
> >> >> > > with limited or nonexistent SG support, and very limited checksum
> >> >> > > offload capabilities on Ethernet. The WiFi side of these devices is
> >> >> > > often even worse. I think fraglist GRO is a decent fallback for the
> >> >> > > inevitable corner cases.
> >> >> > 
> >> >> > What about netfilter and NAT ? Are they okay with NETIF_F_FRAGLIST_GRO already ?
> >> >> > 
> >> >> > Many of these devices are probably using NAT.
> >> >> 
> >> >> In my tests, nftables NAT works just fine, both with and without 
> >> >> flowtable offloading. I didn't see anything in netfilter that would have 
> >> >> a problem with this.
> >> > 
> >> > I see you handle explicitly NAT changes in __tcpv4_gso_segment_csum(),
> >> > like the current UDP code.
> >> > 
> >> > The TCP header has many other fields that could be updated affecting
> >> > the TCP csum.
> >> > Handling every possible mutation looks cumbersome and will likely
> >> > reduce the performance benefits.
> >> > 
> >> > What is your plan WRT other TCP header fields update?
> >> 
> >> I think that should be easy enough to handle. My patch already only 
> >> combines packets where tcp_flag_word(th) is identical. So when 
> >> segmenting, I could handle all flags changes with a single 
> >> inet_proto_csum_replace4 call.
> >> 
> >> > Strictly WRT the patch, I guess it deserves to be split in series,
> >> > moving UDP helpers in common code and possibly factoring out more
> >> > helpers with separate patches.
> >> Will do.
> > 
> > A significant chunk of the complexity is in the
> > tcp[46]_check_fraglist_gro sk match. Is this heuristic worth the
> > complexity?
> > 
> > It seems that the platforms that will enable NETIF_F_FRAGLIST will
> > be mainly forwarding planes.
> 
> There are people using their devices as file servers and routers at the 
> same time. The heuristic helps for those cases.

Ok.

> > If keeping, this refinement can probably a separate follow-on patch in
> > the series too:
> > 
> > - refactor existing udp code
> > - add segmentation support to handle such packets on tx
> > - add coalescing support that starts building such packets on rx
> > - refine coalescing choice
> I don't really understand what you're suggesting. With my patch, the GRO 
> code handles coalescing of packets. Segmentation on output is also 
> supported. The next version of my patch will fix the cases that were too 
> similar to the UDP code, so I guess refactoring to share code doesn't 
> really make sense there.
> Am I missing something?

I mean if breaking up into a series. First have the refactoring patch
which should be easy to review to be a noop. Then add the segmentation
code, which needs to exist before packets may arrive that depend on
it. Then add the code that produces such packets. To break up into
manageable chunks.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ