[Cake] fq_codel leveraging the skb->hash now in net-next

Eric Dumazet edumazet at google.com
Fri Jan 20 16:36:28 EST 2017

The 0 case is checked.

If skb->hash == 0 or a non-L4 hash was stored in skb->hash, we call
the same flow dissector code as before ;)

And each host normally has:

1) Boot time generated RSS keys on NIC providing skb->hash
2) A boot time random number

static u32 hashrnd __read_mostly;
static __always_inline void __flow_hash_secret_init(void)
{
        net_get_random_once(&hashrnd, sizeof(hashrnd));
}

u32 flow_hash_from_keys(struct flow_keys *keys)
{
        return __flow_hash_from_keys(keys, hashrnd);
}

static inline u32 ___skb_get_hash(const struct sk_buff *skb,
                                  struct flow_keys *keys, u32 keyval)
{
        skb_flow_dissect_flow_keys(skb, keys,

        return __flow_hash_from_keys(keys, keyval);
}

So an attacker has no way to guess in which slot of the hash table a
particular flow will end up.

For the record, I will add (optional) pacing to fq_codel.

On Fri, Jan 20, 2017 at 1:29 PM, Dave Taht <dave.taht at gmail.com> wrote:
> It's not clear to me if all the encapsulation types (6rd for
> example?), or drivers? are generating an skb->hash (or as of what
> release of linux they did), and there's no error checking for 0, and
> whether or not they are being permuted in skb->hash,  (otherwise all
> linux implementations in the world will end up hashing the same way on
> the same combination of ips and ports),
> but I tend to trust eric to get it right, and hashing here was always
> the 2nd or 3rd biggest hotspot in fq_codel.
> https://www.mail-archive.com/netdev@vger.kernel.org/msg148598.html
> --
> Dave Täht
> Let's go make home routers and wifi faster! With better software!
> http://blog.cerowrt.org

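The selection rule and the per-boot salt described in the message above, as an added user-space example; it is not code from the message or from the kernel. The structs, the toy mixer (a stand-in for the kernel's keyed flow hash), the 1024-slot table and the salt values are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-ins for this example, not kernel structures. */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
struct pkt  { struct flow fl; uint32_t hash; bool l4_hash; };

/* Toy keyed mixer standing in for the kernel's keyed flow hash. */
static uint32_t keyed_flow_hash(const struct flow *f, uint32_t key)
{
    uint32_t w[3] = { f->saddr, f->daddr, ((uint32_t)f->sport << 16) | f->dport };
    uint32_t h = key ^ f->proto;

    for (int i = 0; i < 3; i++) {
        h = (h ^ w[i]) * 0x9E3779B1u;
        h = (h << 15) | (h >> 17);
    }
    h ^= h >> 16; h *= 0x85EBCA6Bu; h ^= h >> 13;
    return h ? h : 1;               /* 0 is reserved for "no hash" */
}

/* Trust a stored hash only if it is nonzero and L4; otherwise dissect + salt. */
static uint32_t pkt_hash(const struct pkt *p, uint32_t hashrnd)
{
    if (p->hash != 0 && p->l4_hash)
        return p->hash;
    return keyed_flow_hash(&p->fl, hashrnd);
}

/* Map the 32-bit hash onto nflows slots (multiply-shift scaling). */
static uint32_t slot(const struct pkt *p, uint32_t hashrnd, uint32_t nflows)
{
    return (uint32_t)(((uint64_t)pkt_hash(p, hashrnd) * nflows) >> 32);
}

/* Pick 64 flows that share slot 0 under salt_a; count distinct slots under salt_b. */
int distinct_slots(uint32_t salt_a, uint32_t salt_b)
{
    bool seen[1024] = { false };
    int found = 0, distinct = 0;

    for (uint32_t i = 1; found < 64; i++) {
        struct pkt p = { { 0x0a000000u + i, 0xc0a80001u, 40000, 443, 6 }, 0, false };
        if (slot(&p, salt_a, 1024) != 0)
            continue;
        found++;
        uint32_t s = slot(&p, salt_b, 1024);
        if (!seen[s]) { seen[s] = true; distinct++; }
    }
    return distinct;
}
```

Calling `distinct_slots` with the same salt twice returns 1, the worst case where every flow shares a queue; with two different salts the same flows spread over many slots, which is why a flow set tuned against one host's table does not carry over to another host or another boot.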