lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 4 Jul 2016 10:41:07 +0200
From:	Victor Julien <victor@...iniac.net>
To:	David Miller <davem@...emloft.net>, tom@...bertland.com
Cc:	netdev@...r.kernel.org, eric@...it.org
Subject: Re: [PATCH] packet: Use symmetric hash for PACKET_FANOUT_HASH.

On 02-07-16 22:38, David Miller wrote:
> From: Tom Herbert <tom@...bertland.com>
> Date: Fri, 1 Jul 2016 14:16:54 -0700
> 
>> On Fri, Jul 1, 2016 at 2:07 PM, David Miller <davem@...emloft.net> wrote:
>>> From: Tom Herbert <tom@...bertland.com>
>>> Date: Fri, 1 Jul 2016 13:52:58 -0700
>>>
>>>> Why are symmetric hashes required?
>>>
>>> Because they want load balancing, such that one flow only can overrun
>>> one single socket not all of the ones in the fanout.
>>>
>> I'm still missing it. Why is this any different than what we need with
>> something like SO_REUSEPORT?
> 
> Because local sockets only demux on RX packets for a flow so they
> don't need a symmetric hash, and in fact wouldn't even notice if the
> hash was symmetric or not.
> 
> Programs like suricata that are operating as a bump in the stack see
> both directions of traffic for a flow and therefore for them whether
> the hash is symmetric is an issue.

Tools like Suricata, Bro, Snort, netsniff-ng are often used to sit on
the side and receive a copy of the traffic from a tap or span port. This
leads to both sides of connections coming in on the RX side. As the said
tools often rely on the hashing for load balancing to multiple
threads/processes, the hashing should be done symmetrically.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ