Message-Id: <20210809185314.38187-4-tom@herbertland.com>
Date:   Mon,  9 Aug 2021 11:53:14 -0700
From:   Tom Herbert <tom@...bertland.com>
To:     netdev@...r.kernel.org, davem@...emloft.net, brakmo@...com,
        ycheng@...gle.com, eric.dumazet@...il.com, a.e.azimov@...il.com
Cc:     Tom Herbert <tom@...bertland.com>
Subject: [RFC PATCH net-next 3/3] txhash: Change default rethink behavior to be less aggressive

Revert the default rethink behavior to only do a rethink upon negative
advice (at three RTOs with current defaults). This is less aggressive
than the current default which is to rethink the hash at the first
RTO.

The rationale for this change is that IP anycast relies on consistent
routing and changing the hash may affect the routing of the packet.
For instance, if the hash is changed then the flow label used for
a TCP connection is changed and so the routing of packets for the
connection may change. If the destination address is anycast, a
route change may direct packets to a different server that doesn't
have state for the connection, thereby breaking the connection.
---
 net/core/net_namespace.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 03d3767e6728..bf9696dd7106 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -367,10 +367,8 @@ static int __net_init net_defaults_init_net(struct net *net)
 {
 	net->core.sysctl_somaxconn = SOMAXCONN;
 
-	/* Default rethink mode is aggrssive (i.e. rethink on first RTO) */
-	net->core.sysctl_txrehash_mode = SOCK_TXREHASH_MODE_NEG_ADVICE |
-					 SOCK_TXREHASH_MODE_SYN_RTO |
-					 SOCK_TXREHASH_MODE_RTO;
+	/* Default rethink mode is negative advice (i.e. not rthink on RTO) */
+	net->core.sysctl_txrehash_mode = SOCK_TXREHASH_MODE_NEG_ADVICE;
 
 	return 0;
 }
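
Review bot: the new default on the `+` assignment drops SOCK_TXREHASH_MODE_SYN_RTO together with SOCK_TXREHASH_MODE_RTO, but the commit message only argues the anycast case where a server already holds state for the connection. Please say in the commit message whether disabling rehash on SYN RTO is intended and why, or keep that flag in the default. The new comment also has a typo and reads ambiguously ("not rthink on RTO"); wording such as "rethink only on negative advice, not on RTO" would match the commit message, which notes that negative advice occurs at three RTOs with current defaults.
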
-- 
2.25.1
