lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0f7cf08c-58fc-45f4-84a3-57b8fae91074@blackwall.org>
Date: Wed, 11 Dec 2024 09:46:51 +0200
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org
Cc: bpf@...r.kernel.org, mkubecek@...e.cz, Ido Schimmel <idosch@...sch.org>,
 Jiri Pirko <jiri@...dia.com>
Subject: Re: [PATCH net 3/5] bonding: Fix feature propagation of
 NETIF_F_GSO_ENCAP_ALL

On 12/10/24 16:12, Daniel Borkmann wrote:
> Drivers like mlx5 expose NIC's vlan_features such as
> NETIF_F_GSO_UDP_TUNNEL & NETIF_F_GSO_UDP_TUNNEL_CSUM which are
> later not propagated when the underlying devices are bonded and
> a vlan device created on top of the bond.
> 
> Right now, the more cumbersome workaround for this is to create
> the vlan on top of the mlx5 and then enslave the vlan devices
> to a bond.
> 
> To fix this, add NETIF_F_GSO_ENCAP_ALL to BOND_VLAN_FEATURES
> such that bond_compute_features() can probe and propagate the
> vlan_features from the slave devices up to the vlan device.
> 
> Given the following bond:
> 
>   # ethtool -i enp2s0f{0,1}np{0,1}
>   driver: mlx5_core
>   [...]
> 
>   # ethtool -k enp2s0f0np0 | grep udp
>   tx-udp_tnl-segmentation: on
>   tx-udp_tnl-csum-segmentation: on
>   tx-udp-segmentation: on
>   rx-udp_tunnel-port-offload: on
>   rx-udp-gro-forwarding: off
> 
>   # ethtool -k enp2s0f1np1 | grep udp
>   tx-udp_tnl-segmentation: on
>   tx-udp_tnl-csum-segmentation: on
>   tx-udp-segmentation: on
>   rx-udp_tunnel-port-offload: on
>   rx-udp-gro-forwarding: off
> 
>   # ethtool -k bond0 | grep udp
>   tx-udp_tnl-segmentation: on
>   tx-udp_tnl-csum-segmentation: on
>   tx-udp-segmentation: on
>   rx-udp_tunnel-port-offload: off [fixed]
>   rx-udp-gro-forwarding: off
> 
> Before:
> 
>   # ethtool -k bond0.100 | grep udp
>   tx-udp_tnl-segmentation: off [requested on]
>   tx-udp_tnl-csum-segmentation: off [requested on]
>   tx-udp-segmentation: on
>   rx-udp_tunnel-port-offload: off [fixed]
>   rx-udp-gro-forwarding: off
> 
> After:
> 
>   # ethtool -k bond0.100 | grep udp
>   tx-udp_tnl-segmentation: on
>   tx-udp_tnl-csum-segmentation: on
>   tx-udp-segmentation: on
>   rx-udp_tunnel-port-offload: off [fixed]
>   rx-udp-gro-forwarding: off
> 
> Various users have run into this reporting performance issues when
> configuring Cilium in vxlan tunneling mode and having the combination
> of bond & vlan for the core devices connecting the Kubernetes cluster
> to the outside world.
> 
> Fixes: a9b3ace44c7d ("bonding: fix vlan_features computing")
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> Cc: Nikolay Aleksandrov <razor@...ckwall.org>
> Cc: Ido Schimmel <idosch@...sch.org>
> Cc: Jiri Pirko <jiri@...dia.com>
> ---
>  drivers/net/bonding/bond_main.c | 1 +
>  1 file changed, 1 insertion(+)
> 

Indeed, I've tested a similar change a year ago to get the expected performance.

Reviewed-by: Nikolay Aleksandrov <razor@...ckwall.org>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ