lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <CANn89i+go9pqvdQVMLaHFdi6nj1jaHMazko6MpngmUMmPLAe9w@mail.gmail.com>
Date:   Fri, 3 Dec 2021 13:41:25 -0800
From:   Eric Dumazet <edumazet@...gle.com>
To:     Daniel Borkmann <daniel@...earbox.net>
Cc:     xiangxia.m.yue@...il.com, netdev@...r.kernel.org,
        davem@...emloft.net, kuba@...nel.org, ast@...nel.org,
        andrii@...nel.org, kafai@...com, songliubraving@...com, yhs@...com,
        john.fastabend@...il.com, kpsingh@...nel.org, atenart@...nel.org,
        alexandr.lobakin@...el.com, weiwan@...gle.com, arnd@...db.de
Subject: Re: [net v4 2/3] net: sched: add check tc_skip_classify in sch egress

On Fri, Dec 3, 2021 at 1:35 PM Daniel Borkmann <daniel@...earbox.net> wrote:
>
> On 12/2/21 3:47 AM, xiangxia.m.yue@...il.com wrote:
> > From: Tonghao Zhang <xiangxia.m.yue@...il.com>
> >
> > Try to resolve the issues as below:
> > * We look up and then check tc_skip_classify flag in net
> >    sched layer, even though skb doesn't want to be classified.
> >    That case may consume a lot of cpu cycles.
> >
> >    Install the rules as below:
> >    $ for id in $(seq 1 10000); do
> >    $       tc filter add ... egress prio $id ... action mirred egress redirect dev ifb0
> >    $ done
> >
> >    netperf:
> >    $ taskset -c 1 netperf -t TCP_RR -H ip -- -r 32,32
> >    $ taskset -c 1 netperf -t TCP_STREAM -H ip -- -m 32
> >
> >    Before: 152.04 tps, 0.58 Mbit/s
> >    After:  303.07 tps, 1.51 Mbit/s
> >    For TCP_RR, there is a 99.3% improvement, TCP_STREAM 160.3%.
>
> As it was pointed out earlier by Eric in v3, these numbers are moot since no one
> is realistically running such a setup in practice with 10k linear rules.

Yes, I am so sorry that I used a sarcastic comment.

I really should have asked if a real world case was using a lot of filters.
If so, maybe we can do something about that, for packets actually
going through these filters.

Thanks
