lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20180302032950.21154-1-dsahern@gmail.com>
Date:   Thu,  1 Mar 2018 19:29:40 -0800
From:   David Ahern <dsahern@...il.com>
To:     netdev@...r.kernel.org
Cc:     idosch@...sch.org, davem@...emloft.net, roopa@...ulusnetworks.com,
        nikolay@...ulusnetworks.com, tom@...bertland.com,
        David Ahern <dsahern@...il.com>
Subject: [PATCH v2 net-next 00/10] net/ipv6: Add support for path selection using hash of 5-tuple

Hardware supports multipath selection using the standard L4 5-tuple
instead of just L3 and the flow label. In addition, some network
operators prefer IPv6 path selection to use the 5-tuple. To that end,
add support to IPv6 for multipath hash policy similar to
bf4e0a3db97eb ("net: ipv4: add support for ECMP hash policy choice").
The default is still L3 which covers source and destination addresses
along with flow label and IPv6 protocol. This gives users a choice in
hash algorithms if they believe L3 only and the IPv6 flow label are not
sufficient for their use case.

A separate sysctl is added for IPv6, allowing IPv4 and IPv6 to use
different algorithms if desired.

The first 3 patches modify the IPv4 variant so that at the end of the
patch set the ipv4 and ipv6 implementations are direct parallels.

Patch 4 refactors the existing rt6_multipath_hash in preparation for
adding the policy option.

Patch 5 renames the existing netevent to have IPv4 in the name so ipv4
changes can be distinguished from IPv6 if the netevent handler cares.

Patch 6 adds the skb as an argument through the FIB lookup functions
to the multipath selection. Needed for the forwarding case.
 
Patch 7 adds the L4 hash support.

Patch 8 adds the hook for the netevent to the spectrum driver to update
the ASIC.

Patch 9 removes no longer used code.

Patch 10 adds a testcase for IPv6 multipath with L4 hash.

v1 to v2
- rebased to top of tree
- added refactor of fib_multipath_hash following recent change
- plumb skb through lookup functions to multipath selection
- fix sysctl setting; was missing the data set in ipv6_sysctl_net_init
- added test case

RFC to v1:
- rebase to top of net-next
- fix addr_type in hash_keys and removed flow label as noticed by Ido
- added a comment to cover letter about choice in algorithms based on
  use case per Or's comments

David Ahern (10):
  net/ipv4: Pass net to fib_multipath_hash instead of fib_info
  net: Align ip_multipath_l3_keys and ip6_multipath_l3_keys
  net/ipv4: Simplify fib_multipath_hash with optional flow keys
  net/ipv6: Make rt6_multipath_hash similar to fib_multipath_hash
  net: Rename NETEVENT_MULTIPATH_HASH_UPDATE
  net/ipv6: Pass skb to route lookup
  net/ipv6: Add support for path selection using hash of 5-tuple
  mlxsw: spectrum_router: Add support for ipv6 hash policy update
  net: Remove unused get_hash_from_flow functions
  selftests: forwarding: Add multipath test for L4 hashing

 Documentation/networking/ip-sysctl.txt             |   7 ++
 drivers/infiniband/core/cma.c                      |   2 +-
 .../net/ethernet/mellanox/mlxsw/spectrum_router.c  |  13 +-
 drivers/net/ipvlan/ipvlan_core.c                   |   3 +-
 drivers/net/vrf.c                                  |   7 +-
 include/net/fib_rules.h                            |   1 +
 include/net/flow.h                                 |  15 ---
 include/net/ip6_fib.h                              |   4 +-
 include/net/ip6_route.h                            |  15 ++-
 include/net/ip_fib.h                               |   5 +-
 include/net/netevent.h                             |   3 +-
 include/net/netns/ipv6.h                           |   1 +
 net/core/flow_dissector.c                          |  16 ---
 net/ipv4/fib_semantics.c                           |   2 +-
 net/ipv4/route.c                                   |  53 ++++----
 net/ipv4/sysctl_net_ipv4.c                         |   2 +-
 net/ipv6/anycast.c                                 |   2 +-
 net/ipv6/fib6_rules.c                              |   8 +-
 net/ipv6/icmp.c                                    |   5 +-
 net/ipv6/ip6_fib.c                                 |   3 +-
 net/ipv6/ip6_gre.c                                 |   2 +-
 net/ipv6/ip6_tunnel.c                              |   4 +-
 net/ipv6/ip6_vti.c                                 |   2 +-
 net/ipv6/mcast.c                                   |   4 +-
 net/ipv6/netfilter/ip6t_rpfilter.c                 |   2 +-
 net/ipv6/netfilter/nft_fib_ipv6.c                  |   3 +-
 net/ipv6/route.c                                   | 134 +++++++++++++++------
 net/ipv6/seg6_local.c                              |   4 +-
 net/ipv6/sysctl_net_ipv6.c                         |  27 +++++
 .../selftests/net/forwarding/router_multipath.sh   |  44 +++++++
 30 files changed, 261 insertions(+), 132 deletions(-)

-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ