| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Jul 2022 12:31:38 -0700
From: Saeed Mahameed <saeedm@...dia.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: Lior Nahmanson <liorna@...dia.com>,
Paolo Abeni <pabeni@...hat.com>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Raed Salem <raeds@...dia.com>, Jiri Pirko <jiri@...dia.com>,
Yossi Kuperman <yossiku@...dia.com>
Subject: Re: [PATCH net-next v3 2/3] net/macsec: Add MACsec skb extension Rx
Data path support
On 13 Jul 11:34, Jakub Kicinski wrote:
>On Wed, 13 Jul 2022 06:21:25 +0000 Lior Nahmanson wrote:
>> For Rx there is no limitation for the number of different SCIs.
>> from MACsec driver code:
>>
>> struct macsec_secy {
>> ...
>> struct macsec_rx_sc __rcu *rx_sc; // each rx_sc contains unique SCI
>> };
>>
>> static int macsec_add_rxsc(struct sk_buff *skb, struct genl_info *info)
>> {
>> ...
>> rx_sc = create_rx_sc(dev, sci);
>> ...
>> }
>>
>> where create_rx_sc() adds new rx_sc node to the secy->rx_sc list.
>
>Right, so instead of putting them on a list put them in a map (IDR?)
it has to be rcu protected data structure and with a fast lookup, otherwise
multicore performance will tank, so a rhashtable or xarray, rhashtable might
be more efficient as the key (SCI) range is too big and keys can be too
spread out.
>and pre-allocate the metadata dst here. Then the driver just does a
>lookup. If lookup failed then the SCI is not configured and macsec will
>not consume the packet, anyway.
Powered by blists - more mailing lists