lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 May 2021 12:01:16 -0600
From:   David Ahern <dsahern@...il.com>
To:     Lorenzo Bianconi <lorenzo@...nel.org>, bpf@...r.kernel.org
Cc:     netdev@...r.kernel.org, davem@...emloft.net, kuba@...nel.org,
        daniel@...earbox.net, ast@...nel.org, echaudro@...hat.com,
        magnus.karlsson@...el.com, toke@...hat.com, brouer@...hat.com,
        bjorn@...nel.org, maciej.fijalkowski@...el.com,
        john.fastabend@...il.com
Subject: Re: [RFC bpf-next 0/4] add partial rx hw csum offload support for XDP

On 5/28/21 11:43 AM, Lorenzo Bianconi wrote:
> Enable xdp rx checksum offload support for CHECKSUM_UNNECESSARY use-case.
> Introduce flag field in xdp_buff/xdp_frame in order to save the checksum
> result from the NIC and have a fast access to it performing XDP_REDIRECT.
> CHECKSUM_COMPLETE is not supported yet since it will require adding the
> csum result to the xdp_metadata area.
> Moreover flag field will be reused for xdp multi-buff support.
> This series has been tested generating UDP traffic with pktgen and performing
> a xdp_redirect from an ixgbe device to a remote CPUMAP entry. PPS results show
> a negligible penalty respect to the baseline where the UDP checksum has been
> disabled. More info about the test can be found here [0].
> 
> [0] https://github.com/xdp-project/xdp-project/blob/master/areas/core/xdp_frame01_checksum.org
> 

For the wider audience, another example of the performance benefit of
this rather simple change is XDP_REDIRECT to VMs (and containers) for
TCP traffic which requires checksum.

The VM piece requires the change to the tun driver from my original
patch which passes the VIRTIO_NET_HDR_F_DATA_VALID flag for
CHECKSUM_UNNECESSARY:

https://github.com/dsahern/linux/commit/b6b4d4ef9562383d8b407a873d30082afdc1b89c

(I can send that followup after this set lands.)

Using ConnectX-5 and the mlx5 change in the above commit I was seeing at
least a 300k pps improvement depending on the test. e.g., from 2M pps to
2.3M for 1500 MTU packets or 1.3M to 1.6M for 3400 MTU.

Similar results for containers.

Right now the checksum validation done by H/W is lost on the redirect.
This change propagates the validation and avoids the csum_partial
overhead as the skb is processed.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ