From: Jakub Kicinski <kuba@kernel.org>
To: Balaev Pavel <balaevpa@infotecs.ru>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH] net: multipath routing: configurable seed
Date: Fri, 9 Apr 2021 11:50:01 -0700 [thread overview]
Message-ID: <20210409114847.02435bb4@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> (raw)
In-Reply-To: <YHBcBRXLuFsHudyg@rnd>
On Fri, 9 Apr 2021 16:52:05 +0300 Balaev Pavel wrote:
> Hello, this patch adds ability for user to set seed value for
nit: please drop the 'Hello' and use imperative form to describe
the commit.
> multipath routing hashes. Now kernel uses random seed value:
> this is done to prevent hash-flooding DoS attacks,
> but it breaks some scenario, f.e:
>
> +-------+ +------+ +--------+
> | |-eth0---| FW0 |---eth0-| |
> | | +------+ | |
> | GW0 |ECMP ECMP| GW1 |
> | | +------+ | |
> | |-eth1---| FW1 |---eth1-| |
> +-------+ +------+ +--------+
>
> In this scenario two ECMP routers used as traffic balancers between
> two firewalls. So if return path of one flow will not be the same,
> such flow will be dropped, because keep-state rules was created on
> other firewall.
>
> This patch add sysctl variable: net.ipv4.fib_multipath_hash_seed.
> User can set the same seed value on GW0 and GW1 and traffic will
> be mirror-balanced. By default random value is used.
>
> Signed-off-by: Balaev Pavel <balaevpa@infotecs.ru>
Please try to find relevant reviewers and put them on CC.
Try to find people who have worked on this code in the past.
This patch seems to add new sparse warnings:
net/ipv4/sysctl_net_ipv4.c:544:38: warning: incorrect type in assignment (different base types)
net/ipv4/sysctl_net_ipv4.c:544:38: expected unsigned long long
net/ipv4/sysctl_net_ipv4.c:544:38: got restricted __le64
net/ipv4/sysctl_net_ipv4.c:545:38: warning: incorrect type in assignment (different base types)
net/ipv4/sysctl_net_ipv4.c:545:38: expected unsigned long long
net/ipv4/sysctl_net_ipv4.c:545:38: got restricted __le64
> {
> u32 multipath_hash = fl4 ? fl4->flowi4_multipath_hash : 0;
> struct flow_keys hash_keys;
> + struct multipath_seed_ctx *seed_ctx;
Please order variable declaration lines longest to shortest.
prev parent reply other threads:[~2021-04-09 18:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-09 13:52 [PATCH] net: multipath routing: configurable seed Balaev Pavel
2021-04-09 18:50 ` Jakub Kicinski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210409114847.02435bb4@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com \
--to=kuba@kernel.org \
--cc=balaevpa@infotecs.ru \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.