lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 13 Feb 2018 14:32:06 +0200
From:   Ido Schimmel <idosch@...sch.org>
To:     David Ahern <dsahern@...il.com>
Cc:     netdev@...r.kernel.org, roopa@...ulusnetworks.com,
        nikolay@...ulusnetworks.com, idosch@...lanox.com
Subject: Re: [PATCH RFC net-next 0/7] net/ipv6: Add support for path
 selection using hash of 5-tuple

Hi David,

On Mon, Feb 12, 2018 at 04:05:55PM -0800, David Ahern wrote:
> Hardware supports multipath selection using the standard L4 5-tuple
> instead of just L3 and the flow label. In addition, some network
> operators prefer IPv6 path selection to use the 5-tuple. To that end,
> add support to IPv6 for multipath hash policy similar to
> bf4e0a3db97eb ("net: ipv4: add support for ECMP hash policy choice").
> The default is still L3 which covers source and destination addresses
> along with flow label and IPv6 protocol.
> 
> A separate sysctl is added for IPv6, allowing IPv4 and IPv6 to use
> different algorithms if desired.
> 
> The first 2 patches modify the IPv4 variant so that at the end of the
> patch set the ipv4 and ipv6 implementations are direct parallels.
> 
> Patch 3 refactors the existing rt6_multipath_hash in preparation for
> adding the policy option.
> 
> Patch 4 renames the existing netevent to have IPv4 in the name so ipv4
> changes can be distinguished from IPv6 if the netevent handler cares.
> 
> Patch 5 adds the L4 hash support.
> 
> Patch 6 adds the hook for the netevent to the spectrum driver to update
> the ASIC.
> 
> Patch 7 removes no longer used code.

Thanks for working on this.

I've yet to review the patches, but I did test them. The good news is
that the offloaded path works as expected. Different flows (random UDP
destination port, zero flowlabel) are hashed to different nexthops. With
the default policy all the flows are hashed to the same nexthop.

However, it seems that the kernel isn't spreading the traffic as
expected and the same nexthop is always hit. I'll look into it later
this week when I have some more time.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ