| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Oct 2022 14:27:19 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: Ilya Maximets <i.maximets@....org>,
Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [RFE net-next] net: tun: 1000x speed up
Le 24/10/2022 à 13:56, Ilya Maximets a écrit :
> On 10/24/22 11:44, Nicolas Dichtel wrote:
>> Le 21/10/2022 à 18:07, Jakub Kicinski a écrit :
>>> On Fri, 21 Oct 2022 13:49:21 +0200 Ilya Maximets wrote:
>>>> Bump the advertised speed to at least match the veth. 10Gbps also
>>>> seems like a more or less fair assumption these days, even though
>>>> CPUs can do more. Alternative might be to explicitly report UNKNOWN
>>>> and let the application/user decide on a right value for them.
>>>
>>> UNKOWN would seem more appropriate but at this point someone may depend
>>> on the speed being populated so it could cause regressions, I fear :S
>> If it is put in a bonding, it may cause some trouble. Maybe worth than
>> advertising 10M.
>
> My thoughts were that changing the number should have a minimal impact
> while changing it to not report any number may cause some issues in
> applications that doesn't expect that for some reason (not having a
> fallback in case reported speed is unknown isn't great, and the argument
> can be made that applications should check that, but it's hard to tell
> for every application if they actually do that today).
>
> Bonding is also a good point indeed, since it's even in-kernel user.
>
>
> The speed bump doesn't solve the problem per se. It kind of postpones
> the decision, since we will run into the same issue eventually again.
> That's why I wanted to discuss that first.
>
> Though I think that at least unification across virtual devices (tun and
> veth) should be a step in a right direction.
Just to make it clear, I'm not against aligning speed with veth, I'm only
against reporting UNKNOWN.
>
>>
>> Note that this value could be configured with ethtool:
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4e24f2dd516ed
>
> This is interesting, but it's a bit hard to manage, because in order
> to make a decision to bump the speed, application should already know
> that this is a tun/tap device. So, there has to be a special case
But this should be done by the application which creates this tun interface. Not
by the application that uses this information.
> implemented in the code that detects the driver and changes the speed
> (this is about application that is using the interface, but didn't
> create it), but if we already know the driver, then it doesn't make
> sense to actually change the speed in many cases as application can
> already act accordingly.
>
> Also, the application may not have permissions to do that (I didn't
> check the requirements, but my guess would be at least CAP_NET_ADMIN?).
Sure, but the one who creates it, has the right to configure it correctly. It's
part of the configuration of the interface.
Setting an higher default speed seems to be a workaround to fix an incorrect
configuration. And as you said, it will probably be wrong again in a few years ;-)
>
> For the human user it's still one extra configuration step that they
> need to remember to perform.
I don't buy this argument. There are already several steps: creating and
configuring an interface requires more than one command.
Regards,
Nicolas
Powered by blists - more mailing lists