lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f94c0197f6c74d7db1f56b82c459c42a@AcuMS.aculab.com>
Date: Wed, 6 Nov 2024 20:24:37 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Gilad Naaman' <gnaaman@...venets.com>, Marcelo Ricardo Leitner
	<marcelo.leitner@...il.com>, Xin Long <lucien.xin@...il.com>,
	"linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: Solving address deletion bottleneck in SCTP

From: Gilad Naaman
> Sent: 28 October 2024 12:49
...
> the list `net->sctp.local_addr_list` gets obscenely long.
> 
> This list contains both IPv4 and IPv6 addresses, of all scopes, and it is
> a single long list, instead of a hashtable.
> 
> In our case we had 12K interfaces, each with an IPv4 and 2 IPv6 addresses
> (GUA+LLA), which made deletion of a single address pretty expensive, since
> it requires a linear search through 36K addresses.
...

Is that the list that SCTP uses in order to pass all of its local addresses
to the remote system during connection establishment?

In which case it really makes no sense to have the list at all if it contains
more than a handful of addresses.

Indeed the whole notion of 'send ALL my addresses' is just plain broken.
What happens in practise is that applications pretty much always have to
bind to all (typically both) the relevant addresses to stop the system
sending IP addresses that are unroutable from the remote system - and
may even refer to an entirely different local network.

Passing this buck to the application isn't really right either.
It ought to be a property of the network topology.
But that is hard to describe.
The two systems 10.1.1.1 and 10.1.1.2 could both have private 192.168.1.x
networks (without IP forwarding) and other 10.1.1.x hosts could be
randomly connected to either network.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ