lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YdaUuOq+SkhYTWU8@TonyMac-Alibaba>
Date:   Thu, 6 Jan 2022 15:05:28 +0800
From:   Tony Lu <tonylu@...ux.alibaba.com>
To:     Karsten Graul <kgraul@...ux.ibm.com>
Cc:     "D. Wythe" <alibuda@...ux.alibaba.com>, dust.li@...ux.alibaba.com,
        kuba@...nel.org, davem@...emloft.net, netdev@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-rdma@...r.kernel.org
Subject: Re: [PATCH net-next v2] net/smc: Reduce overflow of smc clcsock
 listen queue

On Wed, Jan 05, 2022 at 08:13:23PM +0100, Karsten Graul wrote:
> On 05/01/2022 16:06, D. Wythe wrote:
> > LGTM. Fallback makes the restrictions on SMC dangling
> > connections more meaningful to me, compared to dropping them.
> > 
> > Overall, i see there are two scenario.
> > 
> > 1. Drop the overflow connections limited by userspace application
> > accept.
> > 
> > 2. Fallback the overflow connections limited by the heavy process of
> > current SMC handshake. ( We can also control its behavior through
> > sysctl.)
> > 
> 
> I vote for (2) which makes the behavior from user space applications point of view more like TCP.

Fallback when smc reaches itself limit is a good idea. I'm curious
whether the fallback reason is suitable, it more like a non-negative
issue. Currently, smc fallback for negative issues, such as resource not
available or internal error. This issue doesn't like a non-negative
reason.

And I have no idea about to mix the normal and fallback connections at
same time, meanwhile there is no error happened or hard limit reaches,
is a easy to maintain for users? Maybe let users misunderstanding, a
parameter from userspace control this limit, and the behaviour (drop or
fallback).
 
> One comment to sysctl: our current approach is to add new switches to the existing 
> netlink interface which can be used with the smc-tools package (or own implementations of course). 
> Is this prereq problematic in your environment? 
> We tried to avoid more sysctls and the netlink interface keeps use more flexible.

I agree with you about using netlink is more flexible. There are
something different in our environment to use netlink to control the
behaves of smc.

Compared with netlink, sysctl is:
- easy to use on clusters. Applications who want to use smc, don't need
  to deploy additional tools or developing another netlink logic,
  especially for thousands of machines or containers. With smc forward,
  we should make sure the package or logic is compatible with current
  kernel, but sysctl's API compatible is easy to discover.

- config template and default maintain. We are using /etc/sysctl.conf to
  make sure the systeml configures update to date, such as pre-tuned smc
  config parameters. So that we can change this default values on boot,
  and generate lots of machines base on this machine template. Userspace
  netlink tools doesn't suit for it, for example ip related config, we
  need additional NetworkManager or netctl to do this.

- TCP-like sysctl entries. TCP provides lots of sysctl to configure
  itself, somethings it is hard to use and understand. However, it is
  accepted by most of users and system. Maybe we could use sysctl for
  the item that frequently and easy to change, netlink for the complex
  item.

We are gold to contribute to smc-tools. Use netlink and sysctl both
time, I think, is a more suitable choice.

Thanks,
Tony Lu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ