From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id AC72A3CB35 for ; Sun, 6 Jan 2019 23:00:10 -0500 (EST) Received: by mail-qk1-x730.google.com with SMTP id 189so24658822qkj.8 for ; Sun, 06 Jan 2019 20:00:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding:content-language:thread-index; bh=7TxO0PhdWmivvKuaCDP34+fMD3EZWZk3eTOs88b8vzI=; b=eiDDaHFXAdQ3iX/3Tv2aq5YCEVIT6VUFgAbyE6LLE/TcWjtCVQe9wLElRFteLwqppo 1jmvMfkfFZ3ZRqDIwBDOeORLNldK+jdAyXUrqses25dbvKv36A6KZrMFnmp484o1KJLl 9kXcTk8G/DwmEByjjI4xSOqdEFdgLSen7rfGFHoDWt3hjE9cwvZdcOMxvKpPE4kBjW9I TLC7uofBkdy6iuL9WWhDTwGJrPE0oOAZ45leepDNA9+hTH9rK/mHfmleT0CVDszFV2p2 f0pzZcS7IrBGF0R7a1ua2I7mw80Lg55rGcE8bVg4q6/dxwsrN1Yp01MX8R9pz2cEDMWT glrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding:content-language:thread-index; bh=7TxO0PhdWmivvKuaCDP34+fMD3EZWZk3eTOs88b8vzI=; b=kKfKk4i8BjJ0o9oQ1uHPrv/atAKTb7Bmgc46Qzf07htc6gQhF3EF53TCQANjcM6Par 55/8MLyUjwUMc64ilcDxPKTjz2czsOsgPVNGSp9lmAyemdhdjwYLSMeJ7db2SkFD9Of4 h88EkxeTboni+o7pUBX68aYxkAOgxbSQeTnPBO1KSEEMopC+ay0fJlfrkGO5bFWu8VFO 54AX7qhivjjb06e4RxLfr83Lj+H1OEqmkc0ifwxNrKignpRAkhFNLqhKb+rkPKgOQPQq 6iMJkQZV1hAHUpG69iV9n2A5zPUT4drf4qVAkm18Hid2WWNeDVhiUzJLknSauLB01n43 5MjQ== X-Gm-Message-State: AJcUukdz7HHQm6/KPhwyHq4cI9pgDzGDYX3cOCUNlsk7Ssk0v2cKxFTC Bdu/fveqoItyfv0Xfa9Hk5ZZ62KN X-Google-Smtp-Source: ALg8bN4hDQ3QbxYCHnV9FdFIajkHjAWIrxYxkrZ7z/S5DH2kGZn++HiXxWqXBTjA50DLpGXhrJilIA== X-Received: by 2002:a37:455:: with SMTP id 82mr55824797qke.60.1546833609776; Sun, 06 Jan 2019 20:00:09 -0800 (PST) Received: from DESKTOPV0UVPFT ([2601:152:4302:ae1f:298a:c6bb:3e71:b2c]) by smtp.gmail.com with ESMTPSA id z196sm37720103qkz.37.2019.01.06.20.00.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 Jan 2019 20:00:09 -0800 (PST) From: To: =?iso-8859-1?Q?'Toke_H=F8iland-J=F8rgensen'?= , "'Jonathan Morton'" Cc: Date: Sun, 6 Jan 2019 23:00:11 -0500 Message-ID: <008901d4a63d$7d054420$770fcc60$@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 16.0 Content-Language: en-us Thread-Index: AdSmPCate9yiyXA4ScusHd2SURKxJQ== Subject: [Cake] host hashes and NAT neglected in src/dst-host mode X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2019 04:00:10 -0000 I was having a look at cake's hash code and it seems srchost_hash and dsthost_hash, as well as the flowkeys in NAT are not calculated in plain "srchost" or "dsthost" modes. CAKE_FLOW_FLOWS and CAKE_FLOW_HOSTS are both 0 (conditional in line 633) when src/dst-host is set as flow mode. So the code goes to "skip_hash" (line 683), and as a result the flowkeys are not updated in respect to NAT (line 640), but also srchost_hash and dsthost_hash (line 653) are not calculated. Is this intentional? I would expect the NAT flowkeys to be updated in src/dst-host modes, and also the host hashes to be calculated for fair host isolation. cake_hash() in sch_cake.c from linux-4.20: 632 /* If both overrides are set we can skip packet dissection entirely */ 633 if ((flow_override || !(flow_mode & CAKE_FLOW_FLOWS)) && 634 (host_override || !(flow_mode & CAKE_FLOW_HOSTS))) 635 goto skip_hash; 636 637 skb_flow_dissect_flow_keys(skb, &keys, 638 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL); 639 640 if (flow_mode & CAKE_FLOW_NAT_FLAG) 641 cake_update_flowkeys(&keys, skb); 642 643 /* flow_hash_from_keys() sorts the addresses by value, so we have 644 * to preserve their order in a separate data structure to treat 645 * src and dst host addresses as independently selectable. 646 */ 647 host_keys = keys; 648 host_keys.ports.ports = 0; 649 host_keys.basic.ip_proto = 0; 650 host_keys.keyid.keyid = 0; 651 host_keys.tags.flow_label = 0; 652 653 switch (host_keys.control.addr_type) { 654 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 655 host_keys.addrs.v4addrs.src = 0; 656 dsthost_hash = flow_hash_from_keys(&host_keys); 657 host_keys.addrs.v4addrs.src = keys.addrs.v4addrs.src; 658 host_keys.addrs.v4addrs.dst = 0; 659 srchost_hash = flow_hash_from_keys(&host_keys); 660 break; 661 662 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 663 memset(&host_keys.addrs.v6addrs.src, 0, 664 sizeof(host_keys.addrs.v6addrs.src)); 665 dsthost_hash = flow_hash_from_keys(&host_keys); 666 host_keys.addrs.v6addrs.src = keys.addrs.v6addrs.src; 667 memset(&host_keys.addrs.v6addrs.dst, 0, 668 sizeof(host_keys.addrs.v6addrs.dst)); 669 srchost_hash = flow_hash_from_keys(&host_keys); 670 break; 671 672 default: 673 dsthost_hash = 0; 674 srchost_hash = 0; 675 } 676 677 /* This *must* be after the above switch, since as a 678 * side-effect it sorts the src and dst addresses. 679 */ 680 if (flow_mode & CAKE_FLOW_FLOWS) 681 flow_hash = flow_hash_from_keys(&keys); 682 683 skip_hash: 684 if (flow_override) 685 flow_hash = flow_override - 1; 686 if (host_override) { 687 dsthost_hash = host_override - 1; 688 srchost_hash = host_override - 1; 689 } 690 691 if (!(flow_mode & CAKE_FLOW_FLOWS)) { 692 if (flow_mode & CAKE_FLOW_SRC_IP) 693 flow_hash ^= srchost_hash; 694 695 if (flow_mode & CAKE_FLOW_DST_IP) 696 flow_hash ^= dsthost_hash; 697 } 698 699 reduced_hash = flow_hash % CAKE_QUEUES;