| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jan 2017 17:44:49 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Andrew Collins <acollins@...dlepoint.com> Cc: netdev@...r.kernel.org, edumazet@...gle.com Subject: Re: fq_codel and skb->hash On Mon, 2017-01-16 at 17:04 -0700, Andrew Collins wrote: > The fq_codel packet scheduler always regenerates the skb flow hash. Is there any reason > to do this other than the recent hash perturbation additions? > > I ask because I have a case where an incoming set of TCP flows is encapsulated in a > single ipsec tunnel, which is then classified on egress into a single flow by fq_codel > resulting in poor behavior. > > Reusing the skb hash set in receive results in much better behavior, as the value is > determined pre-encapsulation and flows end up being distributed more naturally across > codel queues. > > Is opportunistically using the pre-existing skb hash (if available) problematic? I guess this would be fine. We never exported the 'perturbation' or allowed to change/set it. The only 'risk' would be having a buggy device setting a wrong L4 skb->hash, or buggy protocol messing with skb->hash for a given flow. > Is there a better way to manage flow separation in routed+encapsulated traffic? Encapsulated traffic is fine, since flow dissector skips encap header(s) up to the L4 header. Problem is about encrypted traffic, since presumably this L4 header is opaque for flow dissector ;)
Powered by blists - more mailing lists