lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171116085413.3f23a7d6@xeon-e3>
Date:   Thu, 16 Nov 2017 08:54:13 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Roopa Prabhu <roopa@...ulusnetworks.com>
Cc:     Toshiaki Makita <makita.toshiaki@....ntt.co.jp>,
        Sarah Newman <srn@...mr.com>, Andrew Lunn <andrew@...n.ch>,
        netdev@...r.kernel.org
Subject: Re: [PATCH] net: bridge: add max_fdb_count

On Wed, 15 Nov 2017 22:20:23 -0800
Roopa Prabhu <roopa@...ulusnetworks.com> wrote:

> On Wed, Nov 15, 2017 at 10:13 PM, Toshiaki Makita
> <makita.toshiaki@....ntt.co.jp> wrote:
> > On 2017/11/16 13:54, Sarah Newman wrote:  
> >> On 11/15/2017 08:05 PM, Toshiaki Makita wrote:  
> >>> On 2017/11/16 11:25, Andrew Lunn wrote:  
> >>>>> Also what do the vendors using bridge for L2 offload to switch think?  
> >>>>
> >>>> The Marvell L2 switches which DSA supports have 8K FDB/MDB entries. So
> >>>> maybe 1024 is a bit low?  
> >>>
> >>> How about U32_MAX by default since it is currently not restricted.
> >>> (assuming the field will be changed to u32 as per Stephen's feedback).
> >>>
> >>> Otherwise users may suffer from unexpected behavior change by updating
> >>> kernel?
> >>>  
> >>
> >> U32_MAX seems like much too high a default to be helpful to a typical user. How many devices are realistically on a single bridge in the wild? Double
> >> that seems like a reasonable default.  
> >
> > I'm suggesting the most unrealistic number to essentially disable the
> > restriction by default.
> > My understanding is that we put a priority on not to break existing
> > users even if the new restriction looks reasonable for most people.  
> 
> +1 , and yes, 1024 is very low. some of the switches we use support
> around 128K FDB entries and we have seen that number increase fairly
> quickly in newer generation switches. Default should be no limit to
> not break existing users.

New features can not break existing users.

My recommendation would be that 0 be used as a magic value to indicate
no limit and that would be the default.

Also the limit should be controllable on a per port of bridge (interface) basis.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ