lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a6b2a432-e955-4e2a-a1e1-1ed0a4d14b3e@openvpn.net>
Date: Thu, 18 Jul 2024 10:20:27 +0200
From: Antonio Quartulli <antonio@...nvpn.net>
To: Eyal Birger <eyal.birger@...il.com>
Cc: Sabrina Dubroca <sd@...asysnail.net>, netdev@...r.kernel.org,
 kuba@...nel.org, ryazanov.s.a@...il.com, pabeni@...hat.com,
 edumazet@...gle.com, andrew@...n.ch
Subject: Re: [PATCH net-next v5 17/25] ovpn: implement keepalive mechanism

Hi Eyal,

thanks a lot for chiming in.

On 17/07/2024 18:19, Eyal Birger wrote:
> Hi,
> 
> On Wed, Jul 17, 2024 at 8:29 AM Antonio Quartulli <antonio@...nvpn.net> wrote:
>>
>> On 15/07/2024 16:44, Sabrina Dubroca wrote:
> 
>>> This (and ovpn_peer_keepalive_xmit_reset) is going to be called for
>>> each packet. I wonder how well the timer subsystem deals with one
>>> timer getting updated possibly thousands of time per second.
>>>
>>
>> May it even introduce some performance penalty?
>>
>> Maybe we should get rid of the timer object and introduce a periodic
>> (1s) worker which checks some last_recv timestamp on every known peer?
>> What do you think?
> 
> FWIW In NATT keepalive for IPsec the first RFC was using timers and
> the workqueue
> approach was suggested [1], and later implemented [2].
> The code is currently in net-next.
> 
> Eyal.
> 
> [1] https://linux-ipsec.org/pipermail/devel/2023/000283.html
> [2] https://patchwork.kernel.org/project/netdevbpf/patch/20240528032914.2551267-1-eyal.birger@gmail.com/

Thanks for these pointers.

Basically this is pretty much what I had in mind, but rather than 
running the worker every second, the next run is scheduled based on the 
closest expiration time.

I like it!

Since this worker has no other housekeeping to do, I will go with this 
approach as well.


Thanks!
Regards,


-- 
Antonio Quartulli
OpenVPN Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ