lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5762C33C.7030404@iogearbox.net>
Date:	Thu, 16 Jun 2016 17:18:20 +0200
From:	Daniel Borkmann <daniel@...earbox.net>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	Derek Ditch <derek.ditch@...il.com>
CC:	netdev@...r.kernel.org, tom@...bertland.com, jiri@...nulli.us,
	willemb@...gle.com, eric@...it.org
Subject: Re: [Bug 120441] af_packet no longer uses symmetric hashing

On 06/16/2016 04:50 PM, Hannes Frederic Sowa wrote:
> On 16.06.2016 16:37, Daniel Borkmann wrote:
>> On 06/16/2016 03:57 PM, Derek Ditch wrote:
>> [...]
>>>> Begin forwarded message:
>>>>
>>>> From: bugzilla-daemon@...zilla.kernel.org
>>>> Subject: [Bug 120441] af_packet no longer uses symmetric hashing
>>>> Date: June 16, 2016 at 07:35:54 -0500
>>>> To: derek.ditch@...il.com
>>>>
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=120441
>>
>> Just thinking out loud, perhaps one way would be to implement your own
>> fanout
>> hashing via eBPF demuxer, f.e. in case CPU selection etc wouldn't work.
>> Another
>> option could be to have a (2nd) customizable hash demux that would
>> enforce to
>> always go through the flow-dissector and where you would have a socket
>> option
>> to control keys for it, but I presume that seems rather less desirable.
>
> Isn't a symmetric hashing for af-packet something very fundamental?
> Looks much more like a bug to me.

I agree it would be useful resp. fundamental. I'm not quite sure whether
PACKET_FANOUT_HASH always had this guarantee since the initial implementation
f.e. depending on whether the skb got fanout demuxed from RX or TX paths,
you would either use a hw hash or it would have gone through the kernel's
(predecessor) flow dissector (and therefore potentially to different packet
sockets eventually). It might be the case that this got noticed due to the
flow dissector nowadays collecting more input for building its hash, hmm.

> Bye,
> Hannes
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ