lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACGkMEsw-B5b-Kkx=wfW=obMuj-Si3GPyr_efSeCoZj+FozWmA@mail.gmail.com>
Date: Mon, 12 Aug 2024 14:05:39 +0800
From: Jason Wang <jasowang@...hat.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: ayaka <ayaka@...lik.info>, netdev@...r.kernel.org, davem@...emloft.net, 
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: tuntap: add ioctl() TUNGETQUEUEINDX to fetch queue index

On Fri, Aug 9, 2024 at 10:55 PM Willem de Bruijn
<willemdebruijn.kernel@...il.com> wrote:
>
> ayaka wrote:
> >
> > Sent from my iPad
>
> Try to avoid ^^^
>

[...]

> > 2. Does such a hash operation happen to every packet passing through?
>
> For packets with a local socket, the computation is cached in the
> socket.
>
> For these tunnel packets, see tun_automq_select_queue. Specifically,
> the call to __skb_get_hash_symmetric.
>
> I'm actually not entirely sure why tun has this, rather than defer
> to netdev_pick_tx, which call skb_tx_hash.

Not sure I get the question, but it needs to use a consistent hash to
match the flows stored before.

>
> > 3. Is rxhash based on the flow tracking record in the tun driver?
> > Those CPU overhead may demolish the benefit of the multiple queues and filters in the kernel solution.
>
> Keyword is "may". Avoid premature optimization in favor of data.
>
> > Also the flow tracking has a limited to 4096 or 1024, for a IPv4 /24 subnet, if everyone opened 16 websites, are we run out of memory before some entries expired?
> >
> > I want to  seek there is a modern way to implement VPN in Linux after so many features has been introduced to Linux. So far, I don’t find a proper way to make any advantage here than other platforms.

I think I need to understand how we could define "modern" here.

Btw, I vaguely remember there are some new vpn projects that try to
use vhost-net to accelerate.

E.g https://gitlab.com/openconnect/openconnect

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ