From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-qk0-x241.google.com (mail-qk0-x241.google.com
 [IPv6:2607:f8b0:400d:c09::241])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id 53FCE3B2A4
 for <cake@lists.bufferbloat.net>; Fri, 20 Jan 2017 16:47:01 -0500 (EST)
Received: by mail-qk0-x241.google.com with SMTP id u25so2732609qki.2
 for <cake@lists.bufferbloat.net>; Fri, 20 Jan 2017 13:47:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc:content-transfer-encoding;
 bh=3p7df3ott/1XSH8fTlL4p/aXhLB8z7suNEbtk7dTEas=;
 b=NaxaMZ9s6EnIziOZlI1lYIlXYUCTU86ryoNozecgXWV0qj2sTYDjm7H7rsCSncpKiL
 VyMtsXXaA887YOMIVMdqyaWbAkdFKOH94AKo80vZL+v2bBXyc+rsxQIR2HGrFeS8bPnT
 /remNbP94IQW+T6fDiR3FBz4aYpVZ5TCw8zcEJ065PvJoZnkPIXWAnGwuF4o5pygnvmz
 Y6bVfJv6YsLzXkipsnkcPf0AknYTioudvkYAoBbqjx3BJ35fExHljO6b2JEehbehA69/
 jy8xukC03YkQsLF8FutkkT9JMKNhXao7Vo9Cc1SaX3W8yuImKAOgZkv932+0vH4OsbpE
 3uHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc:content-transfer-encoding;
 bh=3p7df3ott/1XSH8fTlL4p/aXhLB8z7suNEbtk7dTEas=;
 b=IyCbHH1gCBNZbzrihNuwb7HqTldWHCpLWVOQRx/OSSnw+Q/Zalu1zoc65btclpcRd0
 WhxOe1l3boHQAuoLvr8FeGjy5dpDeCgU1lUOywtiG32jLyHDixCkJO5yRHOJcU0zE/vd
 diykTqQVECueEHCBIoTXQpc4VM19nFzCAYdxuAlWrlApB+GtsxJpeo2yXhI/8hOCxErk
 KRmpMYdXerX0Fi+ZVjE47ZBGEebhhqdtqwXmejhHqV+yeN4RIt9UVkiB+gqnlxKWNR/7
 6FvQbbkG6kSq9KpFauH0QuWDouMPPPJcmr4slTscIY4TwZPiZmN9fvAnEQ7+AMX3oiiS
 1CpQ==
X-Gm-Message-State: AIkVDXLwZgzU/Lo1lNyZDyFvCfK0IsBHM525dKVLctcXSVTBmKqQCHrktgYf/0yeg8WWL6si11I2dbzYAhLcDQ==
X-Received: by 10.200.0.193 with SMTP id d1mr13284569qtg.275.1484948820909;
 Fri, 20 Jan 2017 13:47:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.152.197 with HTTP; Fri, 20 Jan 2017 13:47:00 -0800 (PST)
In-Reply-To: <CANn89i+2_9-zOQsSmo2q976aOc8XL_W0m=eiL2uiJmiOtJb3Dw@mail.gmail.com>
References: <CAA93jw4ryET29Xck4SzCKh2THUV3aqSr4c_Rr821y+HgvOjNXQ@mail.gmail.com>
 <CANn89i+2_9-zOQsSmo2q976aOc8XL_W0m=eiL2uiJmiOtJb3Dw@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
Date: Fri, 20 Jan 2017 13:47:00 -0800
Message-ID: <CAA93jw5ukYU8k-cqtreYAzt1TRQQAxtwQc4jpTRc=eQ=t7XyNA@mail.gmail.com>
To: Eric Dumazet <edumazet@google.com>
Cc: cake@lists.bufferbloat.net
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Cake] fq_codel leveraging the skb->hash now in net-next
X-BeenThere: cake@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Cake - FQ_codel the next generation <cake.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cake>,
 <mailto:cake-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cake>
List-Post: <mailto:cake@lists.bufferbloat.net>
List-Help: <mailto:cake-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cake>,
 <mailto:cake-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2017 21:47:01 -0000

On Fri, Jan 20, 2017 at 1:36 PM, Eric Dumazet <edumazet@google.com> wrote:
> The 0 case is checked.
>
> If skb->hash =3D=3D 0 or a non L4 hash was stored in skb->hash, we call
> the same flow dissector code than before ;)
>
> And each host has normally :
>
> 1) Boot time generated RSS keys on NIC providing skb->hash
> 2) A boot time random number
> static u32 hashrnd __read_mostly;
> static __always_inline void __flow_hash_secret_init(void)
> {
>         net_get_random_once(&hashrnd, sizeof(hashrnd));
> }
>
> u32 flow_hash_from_keys(struct flow_keys *keys)
> {
>         __flow_hash_secret_init();
>         return __flow_hash_from_keys(keys, hashrnd);
> }
> EXPORT_SYMBOL(flow_hash_from_keys);
>
> static inline u32 ___skb_get_hash(const struct sk_buff *skb,
>                                   struct flow_keys *keys, u32 keyval)
> {
>         skb_flow_dissect_flow_keys(skb, keys,
>                                    FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
>
>         return __flow_hash_from_keys(keys, keyval);
> }
>
>
> So an attacker has no way to guess in which slot of the hash table a
> particular flow will end up.

Groovy. safe to backport to 4.4? (lede/openwrt)?

> For the record, I will add (optional) pacing to fq_codel.

BBR is one less step away from world domination then!

My dream has always been to have all timestamping being on ingress,
thus eliminating that within fq_codel also, thus measuring cpu
overload on queuing within linux itself. This would also tend toward
favoring local tcp flows (I think), slightly, in the fq_codel case.

But perhaps I'm still dreaming too hard.

>
> On Fri, Jan 20, 2017 at 1:29 PM, Dave Taht <dave.taht@gmail.com> wrote:
>> It's not clear to me if all the encapsulation types (6rd for
>> example?), or drivers? are generating an skb->hash (or as of what
>> release of linux they did), and there's no error checking for 0, and
>> whether or not they are being permuted in skb->hash,  (otherwise all
>> linux implementations in the world will end up hashing the same way on
>> the same combination of ips and ports),
>>
>> but I tend to trust eric to get it right, and hashing here was always
>> the 2nd or 3rd biggest hotspot in fq_codel.
>>
>> https://www.mail-archive.com/netdev@vger.kernel.org/msg148598.html
>>
>> --
>> Dave T=C3=A4ht
>> Let's go make home routers and wifi faster! With better software!
>> http://blog.cerowrt.org



--=20
Dave T=C3=A4ht
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org