| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Sep 2014 14:40:05 +0200 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Vlad Yasevich <vyasevich@...il.com>, David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org, eric.dumazet@...il.com, nicolas.dichtel@...nd.com Subject: Re: [PATCH net-next] ipv6: implement rt_genid_bump_ipv6 with fn_sernum and remove rt6i_genid On Thu, Sep 11, 2014, at 14:22, Vlad Yasevich wrote: > On 09/11/2014 04:30 AM, Hannes Frederic Sowa wrote: > > On Mi, 2014-09-10 at 13:09 -0700, David Miller wrote: > >> From: Hannes Frederic Sowa <hannes@...essinduktion.org> > >> Date: Wed, 10 Sep 2014 11:31:28 +0200 > >> > >>> In case we need to force the sockets to relookup the routes we now > >>> increase the fn_sernum on all fibnodes in the routing tree. This is a > >>> costly operation but should only happen if we have major routing/policy > >>> changes in the kernel (e.g. manual route adding/removal, xfrm policy > >>> changes). > >> > >> Core routers can update thousands of route updates per second, and they > >> do this via what you refer to as "manual route adding/removal". > > > > Sorry, I was too unspecific here. Route changes because of address > > removal/addition on the local stack. > > > > The reason why we do the bump_id here is that we want to flush all the > > socket caches in case we have either lost or gained access to a new > > source address. > > > > If you think about e.g. BGP routers which update lots of routes, they > > aren't affected and the flush won't happen on every route change. > > > >> I don't think we want to put such a scalability problem into the tree. > >> > >> There has to be a lightweight way to address this. > > > > I am still investigating why this bump_id actually happened. Seems the > > reason is only sctp ontop of IPv6 and maybe we can build something much > > more lightweight, yes. > > No. It was proven that a regular TCP socket could continue sending > traffic using an address that was removed. I have seen the original discussion regarding SCTP. I still think the reason for this is that we don't update fn_sernum during pruning clones from the trie. Bye, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists