lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 2 Aug 2021 21:26:26 -0700
From:   Cong Wang <>
To:     Davide Caratti <>
Cc:     Linux Kernel Network Developers <>
Subject: Re: [PATCH net-next] net/sched: store the last executed chain also
 for clsact egress

On Fri, Jul 30, 2021 at 12:28 PM Davide Caratti <> wrote:
> hello Cong, thanks for looking at this!
> On Wed, Jul 28, 2021 at 03:16:02PM -0700, Cong Wang wrote:
> > On Wed, Jul 28, 2021 at 11:40 AM Davide Caratti <> wrote:
> > >
> > > currently, only 'ingress' and 'clsact ingress' qdiscs store the tc 'chain
> > > id' in the skb extension. However, userspace programs (like ovs) are able
> > > to setup egress rules, and datapath gets confused in case it doesn't find
> > > the 'chain id' for a packet that's "recirculated" by tc.
> > > Change tcf_classify() to have the same semantic as tcf_classify_ingress()
> > > so that a single function can be called in ingress / egress, using the tc
> > > ingress / egress block respectively.
> >
> > I wonder if there is any performance impact with this change? As
> > tcf_classify() now may allocate skb ext (tc_skb_ext_alloc()) too,
> > right after __tcf_classify().
> >
> > Thanks.
> I think there is some performance drop for users that activate
> TC_SKB_EXT, in case packet doesn't match the filter *and* last
> executed_chain is non-zero. But in this case, I also think it's a good
> choice to spend some cycles to save the chain id in the extension: I
> might be wrong, but AFAIK openvswitch is the only "user" that configures
> TC in this way.
> Do you have in mind a specific case where performance can be degraded
> because of this commit? if so, I can try to investigate more.

I do not have any case, just want a double check here in case of any
performance regression.

Thanks for checking it.

Powered by blists - more mailing lists