lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Sep 2014 08:22:33 -0400 From: Vlad Yasevich <vyasevich@...il.com> To: Hannes Frederic Sowa <hannes@...essinduktion.org>, David Miller <davem@...emloft.net> CC: netdev@...r.kernel.org, eric.dumazet@...il.com, nicolas.dichtel@...nd.com Subject: Re: [PATCH net-next] ipv6: implement rt_genid_bump_ipv6 with fn_sernum and remove rt6i_genid On 09/11/2014 04:30 AM, Hannes Frederic Sowa wrote: > On Mi, 2014-09-10 at 13:09 -0700, David Miller wrote: >> From: Hannes Frederic Sowa <hannes@...essinduktion.org> >> Date: Wed, 10 Sep 2014 11:31:28 +0200 >> >>> In case we need to force the sockets to relookup the routes we now >>> increase the fn_sernum on all fibnodes in the routing tree. This is a >>> costly operation but should only happen if we have major routing/policy >>> changes in the kernel (e.g. manual route adding/removal, xfrm policy >>> changes). >> >> Core routers can update thousands of route updates per second, and they >> do this via what you refer to as "manual route adding/removal". > > Sorry, I was too unspecific here. Route changes because of address > removal/addition on the local stack. > > The reason why we do the bump_id here is that we want to flush all the > socket caches in case we have either lost or gained access to a new > source address. > > If you think about e.g. BGP routers which update lots of routes, they > aren't affected and the flush won't happen on every route change. > >> I don't think we want to put such a scalability problem into the tree. >> >> There has to be a lightweight way to address this. > > I am still investigating why this bump_id actually happened. Seems the > reason is only sctp ontop of IPv6 and maybe we can build something much > more lightweight, yes. No. It was proven that a regular TCP socket could continue sending traffic using an address that was removed. -vlad > > Thanks, > Hannes > > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists