Message-Id: <20180628.222156.1257330145207562337.davem@davemloft.net>
Date:   Thu, 28 Jun 2018 22:21:56 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     fbl@...hat.com
Cc:     netdev@...r.kernel.org, eric.dumazet@...il.com, pabeni@...hat.com,
        fw@...len.de, netfilter-devel@...r.kernel.org
Subject: Re: [PATCH v2 net-next 0/2] net: preserve sock reference when
 scrubbing the skb.

From: Flavio Leitner <fbl@...hat.com>
Date: Wed, 27 Jun 2018 10:34:24 -0300

> The sock reference is lost when scrubbing the packet and that breaks
> TSQ (TCP Small Queues) and XPS (Transmit Packet Steering) causing
> performance impacts of about 50% in a single TCP stream when crossing
> network namespaces.
> 
> XPS breaks because the queue mapping stored in the socket is not
> available, so another random queue might be selected when the stack
> needs to transmit something like a TCP ACK, or TCP Retransmissions.
> That causes packet re-ordering and/or performance issues.
> 
> TSQ breaks because it orphans the packet while it is still in the
> host, so packets are queued contributing to the buffer bloat problem.
> 
> Preserving the sock reference fixes both issues. The socket is
> orphaned anyways in the receiving path before any relevant action,
> but the transmit side needs some extra checking included in the
> first patch.
> 
> The first patch will update netfilter to check if the socket
> netns is local before using it.
> 
> The second patch removes the skb_orphan() from the skb_scrub_packet()
> and improves the documentation.
> 
> ChangeLog:
> - split into two (Eric)
> - addressed Paolo's offline feedback to swap the checks in xt_socket.c
>   to preserve original behavior.
> - improved ip-sysctl.txt (reported by Cong)

Series applied, thanks Flavio.
