lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+FuTSey4oa-WPRuAu8TAQFDO9e==e-+-SQ2p4237drq8GzOWQ@mail.gmail.com> Date: Wed, 11 Dec 2019 13:59:38 -0500 From: Willem de Bruijn <willemdebruijn.kernel@...il.com> To: Aleksei Zakharov <zakharov.a.g@...dex.ru> Cc: Network Development <netdev@...r.kernel.org> Subject: Re: RPS arp processing On Wed, Dec 11, 2019 at 10:34 AM Aleksei Zakharov <zakharov.a.g@...dex.ru> wrote: > > Hi, everyone > Is it possible to balance ARP across CPUs with RPS? > I don't clearly understand how hash is calulated for ARP packets, but it seems that it should consider source and target IPs. The hash is derived by flow dissection: get_rps_cpus ___skb_get_hash skb_flow_dissect_flow_keys This calls __skb_flow_dissector with the flow_keys_dissector dissection program, which is initialized in init_default_flow_dissectors from flow_keys_dissector_keys. That program incorporates IPV4_ADDRS and IPV6_ADDRS. But that does not apply to ARP packets. Contrast case ETH_P_IPV6 with case ETH_P_ARP in __skb_flow_dissect. The flow dissector calls __skb_flow_dissect_arp() for deeper dissection, from which you could extract entropy for RPS. But the flow_keys_dissector program does not have FLOW_DISSECTOR_KEY_ARP enabled. > In our current setup we have one l2 segment between external hardware routers and namespaces on linux server. > When router sends ARP request, it is passed through server's physical port, then via openvswitch bridge it is copied to every namespace. > We've found that all ARPs (for different destination ips and few source ips) are processed on one CPU inside namespaces. We use RPS, and most packets are balanced between all CPUs. I suggest looking at the newer BPF flow dissector, which allows tuning dissection to specific use cases, like yours. > Kernel 4.15.0-65 from ubuntu 18.04. > > Might this issue be related to namespaces somehow? > > -- > Regards, > Aleksei Zakharov >
Powered by blists - more mailing lists