lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAEP_g=9cS=dC4VkdcqgfC_VxDSkAtDQm2y9B0hSNyjb-aoJbjg@mail.gmail.com>
Date:	Wed, 27 Mar 2013 14:30:17 -0700
From:	Jesse Gross <jesse@...ira.com>
To:	David Stevens <dlstevens@...ibm.com>
Cc:	Alexander Duyck <alexander.h.duyck@...el.com>,
	David Miller <davem@...emloft.net>,
	"Gasparakis, Joseph" <joseph.gasparakis@...el.com>,
	netdev <netdev@...r.kernel.org>, netdev-owner@...r.kernel.org,
	pshelar@...ira.com, Stephen Hemminger <shemminger@...tta.com>
Subject: Re: Is there a preferred way to get the VXLAN port number?

On Wed, Mar 27, 2013 at 12:01 PM, David Stevens <dlstevens@...ibm.com> wrote:
> netdev-owner@...r.kernel.org wrote on 03/27/2013 02:32:59 PM:
>
>> The main think I want to do is keep this simple since I would prefer to
>> not build up any infrastructure that will just get in the way.  My
>> thought for now is to just export a function to allow drivers to fetch
>> the port number of VXLAN.  The only downside is that it forces the VXLAN
>> module to load if a driver comes up with offload support, similar to how
>> we have been loading the 8021q module for many of the drivers that
>> support VLAN offloads.  Hopefully if the fixed port number approach wins
>> out we can simplify things by replacing the function call with a static
>> define.
>
>         I guess you mean you need to find it within the kernel.
>
>         I think whether or not it remains a single port for the machine,
> it would be just silly to make it a fixed port, period. Virtually any
> service allows an administrator to specify an alternate port to run a
> service on.
>         I think one of the primary reasons is that you may want to run
> more than one instance on the same host (e.g., a sandbox installation
> alongside a production installation) -- a capability not there now,
> even though you can specify an alternate port now.
>         But if for whatever reason an adminstrator cares that it uses
> a particular port number, even in a single instance, there is no
> technical reason to disallow it. It'd be bad to assume all VXLAN
> must be on the particular port, and equally bad to assume all traffic
> for that port is VXLAN (esp. on a host that is not using VXLAN at all,
> but very well may want to use a lot of ports, including 8472).
>
>         I think it ought to be fully general -- different devices may
> use different ports and one device may use multiple listeners on different
> ports (to split flows for security, load balancing, or whatever).
>         I'd make it a per-device function interface that gives you a port
> list
> for that device (e.g., an array and length or count). Right now, all
> devices
> would return the single module parameter value, but in the future those
> ought
> to be capable of being entirely distinct lists of ports.

Agreed, the likelihood of a single port winning in the foreseeable
future seems low and not really consistent with the usage of other L4
ports.  Even settling on a single tunneling protocol is unlikely to
happen, so I don't think this problem is specific to VXLAN.  From a
layering perspective, it also seems better to have the protocol
implementation tell the driver what to use rather than inferring it
the other way around.

As far as GRO/RPS, we really want to do this as early in the
processing path as possible and not wait until the socket lookup since
the more work we do first, the less the benefit.  I think the position
in the stack for both the hardware and software versions are very
analogous.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ