lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 25 Apr 2018 19:52:03 +0300
From:   Jonathan Morton <chromatix99@...il.com>
To:     Eric Dumazet <eric.dumazet@...il.com>
Cc:     Toke Høiland-Jørgensen <toke@...e.dk>,
        netdev@...r.kernel.org, cake@...ts.bufferbloat.net
Subject: Re: [Cake] [PATCH net-next v3] Add Common Applications Kept Enhanced
 (cake) qdisc

> We can see here the high cost of forcing software GSO :/
> 
> Really, this should be done only :
> 1) If requested by the admin ( tc .... gso ....)
> 
> 2) If packet size is above a threshold.
>  The threshold could be set by the admin, and/or based on a fraction of the bandwidth parameter.
> 
> I totally understand why you prefer to segment yourself for < 100 Mbit links.
> 
> But this makes no sense on 10Gbit+

It is absolutely necessary, so far as I can see, to segment GSO superpackets when overhead compensation is selected - as it very often should be, even on pure Ethernet links.  Without that, the calculation of link occupancy time will be wrong.  (The actual transmission time of an Ethernet frame is rather more than just 14 bytes longer than the underlying IP packet.)

Another reason to apply GSO segmentation is to achieve maximal smoothness of flow isolation.  This should still be achievable within some tolerance at high link rates, but calculating this tolerance is complicated by the triple-isolate algorithm.

If there's a way to obtain the individual packet sizes without incurring the full segmentation overhead, it may be worth considering (at high link rates only).  I would want to leave it on by default, because some of Cake's demonstrably superior latency performance depends on seeing the real packets, not the aggregates, and the overhead only becomes significant above 100Mbps on weak MIPS CPUs and 1Gbps on vaguely modern x86 stuff.

 - Jonathan Morton

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ