Message-ID: <1464043706-2843932-1-git-send-email-tom@herbertland.com>
Date:	Mon, 23 May 2016 15:48:19 -0700
From:	Tom Herbert <tom@...bertland.com>
To:	<davem@...emloft.net>, <netdev@...r.kernel.org>
CC:	<kernel-team@...com>
Subject: [RFC PATCH 0/7] tou: Transports over UDP - part I

Transports over UDP is intended to encapsulate TCP and other transport
protocols directly and securely in UDP.

The goal of this work is twofold:

1) Allow applications to run their own transport layer stack (i.e. from
   userspace). This eliminates dependencies on the OS (e.g. solves a
   major dependency issue for Facebook on clients).

2) Make transport layer headers (all of L4) invisible to the network
   so that they can't do intrusive actions at L4. This will be enforced
   with DTLS in use.

Note that #1 is really about running a transport stack in userspace
applications in clients, not necessarily servers. For servers we
intend to modify the kernel stack in order to leverage existing
implementation for building scalable servers (hence these patches).

This is described in more detail in the Internet Draft:
https://tools.ietf.org/html/draft-herbert-transports-over-udp-00

In Part I we implement a straightforward encapsulation of TCP in GUE.
This implements the basic mechanics of TOU encapsulation for TCP,
however does not yet implement the IP addressing interactions, so
this is not robust to use in the presence of NAT.
TOU is enabled per socket with a new socket option. This
implementation includes GSO, GRO, and RCO support.

These patches also establish the baseline performance of TOU
and isolate the performance cost of UDP encapsulation. Performance
results are below.

Tested: Various cases of TOU with IPv4, IPv6 using TCP_STREAM and
TCP_RR. Also, tested IPIP for comparing TOU encapsulation to IP
tunneling.

    - IPv6 native
      1 TCP_STREAM
	8394 tps
      200 TCP_RR
	1726825 tps
	100/177/361 90/95/99% latencies

    - IPv6 TOU with RCO
      1 TCP_STREAM
	7410 tps
      200 TCP_RR
	1445603 tps
	121/211/395 90/95/99% latencies

    - IPv4 native
      1 TCP_STREAM
	8525 tps
      200 TCP_RR
	1826729 tps
	94/166/345 90/95/99% latencies

    - IPv4 TOU with RCO
      1 TCP_STREAM
	7624 tps
      200 TCP_RR
	1599642 tps
	108/190/377 90/95/99% latencies

    - IPIP with GUE and RCO
      1 TCP_STREAM
	5092 tps
      200 TCP_RR
	1276716 tps
	137/237/445 90/95/99% latencies


Tom Herbert (7):
  fou: Get net from sock_net if dev_net unavailable
  tou: Base infrastructure for Transport over UDP
  ipv4: Support TOU
  tcp: Support for TOU
  ipv6: Support TOU
  tcp6: Support for TOU
  tou: Support for GSO

 include/linux/skbuff.h           |   2 +
 include/net/inet_sock.h          |   1 +
 include/net/udp.h                |   2 +
 include/uapi/linux/if_tunnel.h   |  10 +++
 include/uapi/linux/in.h          |   1 +
 include/uapi/linux/in6.h         |   1 +
 net/ipv4/Makefile                |   3 +-
 net/ipv4/af_inet.c               |   4 +
 net/ipv4/fou.c                   |  24 +++++-
 net/ipv4/ip_output.c             |  42 ++++++++--
 net/ipv4/ip_sockglue.c           |   7 ++
 net/ipv4/tcp_ipv4.c              |   9 ++-
 net/ipv4/tou.c                   | 132 +++++++++++++++++++++++++++++++
 net/ipv4/udp_offload.c           | 164 +++++++++++++++++++++++++++++++++++++--
 net/ipv6/inet6_connection_sock.c |  59 ++++++++++++--
 net/ipv6/ipv6_sockglue.c         |   7 ++
 net/ipv6/tcp_ipv6.c              |  11 +--
 net/ipv6/udp_offload.c           | 128 +++++++++++++++---------------
 18 files changed, 512 insertions(+), 95 deletions(-)
 create mode 100644 net/ipv4/tou.c

-- 
2.8.0.rc2
