Date:   Wed, 11 Dec 2019 13:59:38 -0500
From:   Willem de Bruijn <willemdebruijn.kernel@...il.com>
To:     Aleksei Zakharov <zakharov.a.g@...dex.ru>
Cc:     Network Development <netdev@...r.kernel.org>
Subject: Re: RPS arp processing

On Wed, Dec 11, 2019 at 10:34 AM Aleksei Zakharov
<zakharov.a.g@...dex.ru> wrote:
>
> Hi, everyone
> Is it possible to balance ARP across CPUs with RPS?
> I don't clearly understand how the hash is calculated for ARP packets, but it seems that it should consider source and target IPs.

The hash is derived by flow dissection:

    get_rps_cpus
      ___skb_get_hash
          skb_flow_dissect_flow_keys

This calls __skb_flow_dissector with the flow_keys_dissector
dissection program, which is initialized in
init_default_flow_dissectors from flow_keys_dissector_keys.

That program incorporates IPV4_ADDRS and IPV6_ADDRS. But that does not
apply to ARP packets. Contrast case ETH_P_IPV6 with case ETH_P_ARP in
__skb_flow_dissect.

The flow dissector calls __skb_flow_dissect_arp() for deeper
dissection, from which you could extract entropy for RPS. But the
flow_keys_dissector program does not have FLOW_DISSECTOR_KEY_ARP
enabled.

> In our current setup we have one L2 segment between external hardware routers and namespaces on a Linux server.
> When a router sends an ARP request, it is passed through the server's physical port, then via an openvswitch bridge it is copied to every namespace.
> We've found that all ARPs (for different destination IPs and a few source IPs) are processed on one CPU inside namespaces. We use RPS, and most packets are balanced between all CPUs.

I suggest looking at the newer BPF flow dissector, which allows tuning
dissection to specific use cases, like yours.

> Kernel 4.15.0-65 from ubuntu 18.04.
>
> Might this issue be related to namespaces somehow?
>
> --
> Regards,
> Aleksei Zakharov
>
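
An added example, not part of the original message and not kernel code: a small userspace C model of the behaviour described in the reply. With only the EtherType keyed, every ARP request yields the same hash and lands on one CPU; keying the ARP sender and target IPv4 addresses as well spreads the requests. The struct names, the FNV-1a hash, the scaling step and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Ethernet/IPv4 ARP body (RFC 826), as it follows the Ethernet header. */
struct arp_ipv4 {
    uint8_t htype[2], ptype[2], hlen, plen, oper[2];
    uint8_t sha[6], spa[4], tha[6], tpa[4];
};
/* Simplified key set: a model, not the kernel's struct flow_keys. */
struct model_keys { uint8_t n_proto[2], sip[4], tip[4]; };

/* with_arp == 0: only the EtherType is keyed (the default described above).
 * with_arp == 1: hypothetical dissector that also keys sender/target IPv4. */
static struct model_keys dissect_arp(const struct arp_ipv4 *a, int with_arp)
{
    struct model_keys k = { .n_proto = { 0x08, 0x06 } };   /* ETH_P_ARP */
    if (with_arp && a->hlen == 6 && a->plen == 4) {        /* Ethernet + IPv4 */
        memcpy(k.sip, a->spa, 4);
        memcpy(k.tip, a->tpa, 4);
    }
    return k;
}

/* FNV-1a over the keys: stand-in for the kernel's keyed flow hash. */
static uint32_t model_hash(const struct model_keys *k)
{
    const uint8_t *p = (const uint8_t *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof(*k); i++)
        h = (h ^ p[i]) * 16777619u;
    return h;
}

/* Constructed input: one router (192.0.2.1) sends ARP requests for
 * 198.51.100.1..254. Each hash is scaled onto ncpus (<= 32) slots as
 * (hash * ncpus) >> 32. Returns how many distinct CPUs receive requests. */
static unsigned cpus_used(int with_arp, unsigned ncpus)
{
    struct arp_ipv4 a = { .hlen = 6, .plen = 4, .oper = {0, 1},
                          .spa = {192, 0, 2, 1}, .tpa = {198, 51, 100, 0} };
    uint32_t seen = 0, n = 0;
    for (unsigned host = 1; host <= 254; host++) {
        a.tpa[3] = (uint8_t)host;
        struct model_keys k = dissect_arp(&a, with_arp);
        seen |= 1u << (unsigned)(((uint64_t)model_hash(&k) * ncpus) >> 32);
    }
    for (; seen; seen &= seen - 1) n++;   /* count set bits */
    return n;
}

int main(void) { return cpus_used(1, 8) > cpus_used(0, 8) ? 0 : 1; }
```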
