lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <911391576102085@myt2-c3952fd46804.qloud-c.yandex.net> Date: Thu, 12 Dec 2019 01:08:05 +0300 From: Aleksei Zakharov <zakharov.a.g@...dex.ru> To: Willem de Bruijn <willemdebruijn.kernel@...il.com> Cc: Network Development <netdev@...r.kernel.org> Subject: Re: RPS arp processing 11.12.2019, 22:00, "Willem de Bruijn" <willemdebruijn.kernel@...il.com>: > On Wed, Dec 11, 2019 at 10:34 AM Aleksei Zakharov > <zakharov.a.g@...dex.ru> wrote: >> Hi, everyone >> Is it possible to balance ARP across CPUs with RPS? >> I don't clearly understand how hash is calulated for ARP packets, but it seems that it should consider source and target IPs. > > The hash is derived by flow dissection: > > get_rps_cpus > ___skb_get_hash > skb_flow_dissect_flow_keys > > This calls __skb_flow_dissector with the flow_keys_dissector > dissection program, which is initialized in > init_default_flow_dissectors from flow_keys_dissector_keys. > > That program incorporates IPV4_ADDRS and IPV6_ADDRS. But that does not > apply to ARP packets. Contrast case ETH_P_IPV6 with case ETH_P_ARP in > __skb_flow_dissect. > > The flow dissector calls __skb_flow_dissect_arp() for deeper > dissection, from which you could extract entropy for RPS. But the > flow_keys_dissector program does not have FLOW_DISSECTOR_KEY_ARP > enabled. Thank you very much for the explanation! > >> In our current setup we have one l2 segment between external hardware routers and namespaces on linux server. >> When router sends ARP request, it is passed through server's physical port, then via openvswitch bridge it is copied to every namespace. >> We've found that all ARPs (for different destination ips and few source ips) are processed on one CPU inside namespaces. We use RPS, and most packets are balanced between all CPUs. > > I suggest looking at the newer BPF flow dissector, which allows tuning > dissection to specific use cases, like yours. Thanks, I'll take a look at bpf dissector. > >> Kernel 4.15.0-65 from ubuntu 18.04. >> >> Might this issue be related to namespaces somehow? >> >> -- >> Regards, >> Aleksei Zakharov -- Regards, Aleksei Zakharov
Powered by blists - more mailing lists