lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20180903065650.GL23674@gauss3.secunet.de>
Date:   Mon, 3 Sep 2018 08:56:50 +0200
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     Yannick Brosseau <scientist@...com>
CC:     <herbert@...dor.apana.org.au>, <davem@...emloft.net>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <kernel-team@...com>
Subject: Re: [PATCH v2] Optimize lookup of /0 xfrm policies

On Fri, Aug 31, 2018 at 06:18:38PM -0400, Yannick Brosseau wrote:
> Currently, all the xfrm policies that are not /32 end up in
> the inexact policies linked list which take a long time to lookup.

It is possible to configure which policies are going to the
hashtable and the inexact list.

You can do:

ip x p set hthresh4 0 0

This sets the hash threshold to local /0 and remote /0 netmasks.
With this configuration, all policies should go to the hashtable.

To view the configuration:

ip -s -s x p count

Can you please do your tests with this too?
I'd really like to avoid to add new code to the policy lookup
if we can get similar results with this configuration option.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ