lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 02 Oct 2013 11:09:25 -0700
From:	Eric Dumazet <>
To:	Shawn Bohrer <>
Cc:	David Miller <>,,
	netdev <>
Subject: Re: [net-next 2/3] udp: Add udp early demux

On Wed, 2013-10-02 at 12:34 -0500, Shawn Bohrer wrote:
> On Tue, Oct 01, 2013 at 01:52:49PM -0700, Eric Dumazet wrote:
> > On Tue, 2013-10-01 at 14:33 -0500, Shawn Bohrer wrote:
> > > The removal of the routing cache introduced a performance regression for
> > > some UDP workloads since a dst lookup must be done for each packet.
> > > This change caches the dst per socket in a similar manner to what we do
> > > for TCP by implementing early_demux.
> > > 
> > > For UDP multicast we can only cache the dst if there is only one
> > > receiving socket on the host.  Since caching only works when there is
> > > one receiving socket we do the multicast socket lookup using RCU.
> > 
> > For unicast, we should find a matching socket for early demux only if
> > this is a connected socket.
> > 
> > Otherwise, forwarding setups will break.
> > 
> > You probably need to add a minimum score to __udp4_lib_lookup()
> Perhaps I'm missing something but I don't think a minimum score would
> work because compute_score() and compute_score2() have several ways of
> returning a score of lets say 4 and I don't think they all mean the
> socket is connected.

Just change how score is computed. The existing +4 values are not hard
coded anywhere.

You want to compute a score so that a single compare against a threshold
is enough to tell you what's going on, before even taking a refcount on
the socket.

>   Why not just test the socket returned by
> __udp4_lib_lookup() to see if it is connected in
> udp_v4_early_demux()?  Something like:
>         sk = __udp4_lib_lookup(net, iph->saddr, uh->source,
>                                iph->daddr, uh->dest, dif,
>                                &udp_table);
>         /* Only demux connected sockets or forwarding setups will break */
>         if (sk && !inet_sk(sk)->inet_daddr)
>                 return;

nice socket refcount leak ;)

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists