lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 23 Mar 2018 02:43:16 -0400
From:   "Md. Islam" <mislam4@...t.edu>
To:     ebiederm@...ssion.com, xemul@...nvz.org, netdev@...r.kernel.org,
        shemminger@...l.org, Eric Dumazet <edumazet@...gle.com>,
        dsahern@...il.com, roopa@...ulusnetworks.com, tom@...bertland.com,
        alexei.starovoitov@...il.com, f.fainelli@...il.com,
        brouer@...hat.com
Subject: [PATCH net-next] XDP router for veth

Hi

This patch implements IPv4 forwarding on xdp_buff. Currently it only
works with VETH. It forwards packets as soon as a veth receives a
packet. Currently VETH uses slow path for packet forwarding which
requires packet to go through upper layers. However this patch
forwards the packet as soon as it is received by L2.

The patch accomplishes following:

1. xdp_buff support is added to VETH. This will allow us to implement
XDP forwarding logic without having physical NIC.
2. Ipv4 forwarding is implemented for xdp_buff. So router fast path is
completely implemented in kernel (unlike eBPF)

I tested my implementation in Mininet [1]. Mininet is based on veth. I
tested the patch for following topologies.


h1 -----s1-------h2


   h                      h
     \                     /
       \                  /
h -----s1-------------s2-------h
       /                 \
     /                    \
   h                      h

I generated packets using iperf and a custom video streaming
application. IPv4 forwarding seems to be working properly. I'm also
getting higher throughput and lower latency than current veth. For
instance, on my machine, the throughput of iperf improved from
53.8Gb/s to around 56Gb/s. Median RTT improved from around .055 ms to
around .045 ms.

1. http://mininet.org/

The patch has been generated with kernel 4.15.0+. Please let me know
any question or suggestions.

Many thanks
Tamim
PhD Candidate,
Kent State University
http://web.cs.kent.edu/~mislam4/

View attachment "xdp-fastpath.patch" of type "text/x-patch" (9847 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ