lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20120814023155.ffe9c01d.billfink@mindspring.com>
Date:	Tue, 14 Aug 2012 02:31:55 -0400
From:	Bill Fink <billfink@...dspring.com>
To:	"Bruce \"Brutus\" Curtis" <brutus@...gle.com>
Cc:	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v2] net-tcp: TCP/IP stack bypass for loopback
 connections

On Thu,  9 Aug 2012, Bruce "Brutus" Curtis wrote:

> From: "Bruce \"Brutus\" Curtis" <brutus@...gle.com>
> 
> TCP/IP loopback socket pair stack bypass, based on an idea by, and
> rough upstream patch from, David Miller <davem@...emloft.net> called
> "friends", the data structure modifcations and connection scheme are
> reused with extensive data-path changes.
> 
> A new sysctl, net.ipv4.tcp_friends, is added:
>   0: disable friends and use the stock data path.
>   1: enable friends and bypass the stack data path, the default.

The following is from a user perspective, since I am not
intimately familiar with the internals of the TCP stack.

I think tcp_friends is a poor name from a user POV.
Something like tcp_bypass would be much better.

I also believe it should be disabled by default, as that is
the current behavior, and those who would gain an advantage
from using it can easily enable it.

Changing the behavior would violate the principle of least
surprise.  Loopback TCP testing of an application or system
is often a useful first step in evaluating its behavior and
performance.  If the TCP stack is bypassed, it will give a
very false impression when such tests are performed.

Does it preserve all TCP semantics for applications, including
things like urgent data, ancillary data, and TCP socket options
and ioctls.  If it doesn't, it shouldn't be the default, and it
should be documented what features do and don't work when
tcp_bypass is enabled.  If all TCP semantics are unchanged,
that would also be good to know and document.

And there's the already mentioned issue of breaking tcpdump
and related tools.

While this could be a very useful feature in some environments,
it seems to me it would be safest to have it disabled by default.

					-Bill



> Note, when friends is enabled any loopback interpose, e.g. tcpdump,
> will only see the TCP/IP packets during connection establishment and
> finish, all data bypasses the stack and instead is delivered to the
> destination socket directly.
> 
> Testing done on a 4 socket 2.2GHz "Quad-Core AMD Opteron(tm) Processor
> 8354 CPU" based system, netperf results for a single connection show
> increased TCP_STREAM throughput, increased TCP_RR and TCP_CRR transaction
> rate for most message sizes vs baseline and comparable to AF_UNIX.
> 
> Significant increase (up to 4.88x) in aggregate throughput for multiple
> netperf runs (STREAM 32KB I/O x N) is seen.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ