Re: [UPDATE] zerocopy.. While working on ip.h stuff

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Michael Peddemors]

On Mon, 26 Feb 2001, Craig Milo Rogers wrote:

> > > I have a whole 40 bytes (+/-) to share...  Now although I don't see
> > > anything explicitly prohibiting the use of unused IP Header option 
..
> > > in between.. Has anyone seen any RFC that explicitly says I MUST NOT?
> >
> >Not to my knowledge.  Routers already change the time to live field,
> >so I see no reason why they can't do smart things with special IP
> >options either (besides efficiency concerns :-).

I know they 'rewrite/extend' existing options, but have never seen a case 
where a router adds an option to a packet beyond those based on what the 
original sender set..

> I've forgotten how the Stream ID option was implemented, but I
> won't be surprised if a router inserted it on the fly (but it was
> probably inserted by end systems).  On the other hand, there was also

Hmm, have to look at a little history..

> a competing philosophy that said that the IP checksum must be
> recomputed incrementally at routers to catch hardware problems in the
> routers, and an incremental recomputation when changing the size of
> the header would be more work.

ah.. we do recalculate IP Checksums now..  when we update any of the 
timestamp rr options etc..

> The one thing I would worry about is unleashing mutant IP
> packets upon the world at large.  I hope the proposed experiments have
> a very good firewall.  It would be very nice to attempt to acquire an
> officially blessed IP option number for such experiments before
> unleashing these packets upon an unprepared world.
>
> 					Craig Milo Rogers

Ah, we better have a good firewall <wink> No, if this goes past concept 
phase, we will try for de official bless.



-- 
"Catch the magic of Linux...."
--------------------------------------------------------
Michael Peddemors - Senior Consultant
Unix Administration - WebSite Hosting
Network Services - Programming
Wizard Internet Services http://www.wizard.ca
Linux Support Specialist - http://www.linuxmagic.com
--------------------------------------------------------
(604) 589-0037 Beautiful British Columbia, Canada
--------------------------------------------------------

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Craig Milo Rogers]

>> a competing philosophy that said that the IP checksum must be
>> recomputed incrementally at routers to catch hardware problems in the
...
>ah.. we do recalculate IP Checksums now..  when we update any of the 
>timestamp rr options etc..

	But, do you do it incrementally? By which I mean: subtract
(appropriately) the old value of the octet from the existing checksum,
field in the packet then add (appropriately) the new value of the
octet to the checksum?  Simply recalculating the IP checksum from
scratch can generate a "correct" checksum for a packet that was
damaged*** while waiting around in memory.

	I don't know if people worry about this now, but 20 years ago
there was a fuss about it.  Further discussion offline, please.

					Craig Milo Rogers
	
*** Maybe by hardware trouble, or maybe because someone followed a bad
    pointer and stomped on part of the header.

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Michael Peddemors]

On Mon, 26 Feb 2001, Benjamin C.R. LaHaise wrote:
> On Mon, 26 Feb 2001, David S. Miller wrote:
> > At gigapacket rates, it becomes an issue.  This guy is talking about
> > tinkering with new IP _options_, not just the header.  So even if the
> > IP header itself fits totally in a cache line, the options afterwardsd
> > likely will not and thus require another cache miss.

Yes, I expect to use the whole of the allowed size :) 
So instead of the more common IP Header length of 20 bytes, I will be using 
25-60 bytes for a header, (But so does source routing) and the router RFC 
says that we should handle it...
Now, of course, you have raised the question of whether that would be handled 
effeciently with the current kernel code..

> Hmmm, one way around this is to have the packet queue store things in
> in a linear array of pointers to data areas, then process things in
> bursts, ie:
>
> 	- find packet data areas for queued packets
> 	- walk list doing prefetches of ip header and options
> 	- then actually do the packet processing (save output for later)
>
> That will require a number of new hooks for pipelining operations, though.
> Just a thought.
>
> 		-ben

-- 
"Catch the magic of Linux...."
--------------------------------------------------------
Michael Peddemors - Senior Consultant
Unix Administration - WebSite Hosting
Network Services - Programming
Wizard Internet Services http://www.wizard.ca
Linux Support Specialist - http://www.linuxmagic.com
--------------------------------------------------------
(604) 589-0037 Beautiful British Columbia, Canada
--------------------------------------------------------

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Michael Peddemors]

On Mon, 26 Feb 2001, David S. Miller wrote:

>  > Also, I was looking into some RFC 1812 stuff. (Thanks for nothing Dave
>  > :) and was looking at 4.2.2.6 where it mentions that a router MUST
>  > implement the End of Option List option..  Havent' figured out where
>  > that is implememented yet..
>
> egrep "IPOPT_END" net/ipv4/ip_options.c
>
> You just aren't looking hard enough.

Was looking for IPOPT_EOL :) Forgot about it's reference..


-- 
"Catch the magic of Linux...."
--------------------------------------------------------
Michael Peddemors - Senior Consultant
Unix Administration - WebSite Hosting
Network Services - Programming
Wizard Internet Services http://www.wizard.ca
Linux Support Specialist - http://www.linuxmagic.com
--------------------------------------------------------
(604) 589-0037 Beautiful British Columbia, Canada
--------------------------------------------------------

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Benjamin C.R. LaHaise]

On Mon, 26 Feb 2001, David S. Miller wrote:

> At gigapacket rates, it becomes an issue.  This guy is talking about
> tinkering with new IP _options_, not just the header.  So even if the
> IP header itself fits totally in a cache line, the options afterwardsd
> likely will not and thus require another cache miss.

Hmmm, one way around this is to have the packet queue store things in
in a linear array of pointers to data areas, then process things in
bursts, ie:

	- find packet data areas for queued packets
	- walk list doing prefetches of ip header and options
	- then actually do the packet processing (save output for later)

That will require a number of new hooks for pipelining operations, though.
Just a thought.

		-ben

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[David S. Miller]

Benjamin C.R. LaHaise writes:
 > Since the ip header fits in the cache of some CPUs (like the P4),
 > this becoming a cheaper operation than ever before.

At gigapacket rates, it becomes an issue.  This guy is talking about
tinkering with new IP _options_, not just the header.  So even if the
IP header itself fits totally in a cache line, the options afterwardsd
likely will not and thus require another cache miss.

Later,
David S. Miller
davem@redhat.com

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Benjamin C.R. LaHaise]

On Mon, 26 Feb 2001, David S. Miller wrote:

> Not to my knowledge.  Routers already change the time to live field,
> so I see no reason why they can't do smart things with special IP
> options either (besides efficiency concerns :-).

A number of ISPs patch the MSS value to 1492 due to the ridiculous number
of PMTU black holes out on the net.  Since the ip header fits in the cache
of some CPUs (like the P4), this becoming a cheaper operation than ever
before.

		-ben

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Michael Peddemors]

While doing some work on some ip options stuff, I have noticed a bunchof 
unused entries in linux/include/linux/ip.h

A few things.. why is ip.h not part of the linux/include/net rather than 
linux/include/linux hierachy?

Defined items that are not used anywhere in the source..
Can any of them be deleted now?
<see below>

Also, I was looking into some RFC 1812 stuff. (Thanks for nothing Dave :) and 
was looking at 4.2.2.6 where it mentions that a router MUST implement the End 
of Option List option..  Havent' figured out where that is implememented yet..

Also was trying to figure out some things. 
I want to create a new ip_option for use in some DOS protection experiments.
I have a whole 40 bytes (+/-) to share...  Now although I don't see anything 
explicitly prohibiting the use of unused IP Header option space, I know that 
it really was designed for use by the sending parties, and not routers in 
between.. Has anyone seen any RFC that explicitly says I MUST NOT?


IPTOS_PREC_NETCONTROL
IPTOS_PREC_FLASHOVERRIDE
IPTOS_PREC_FLASH
IPTOS_PREC_IMMEDIATE
IPTOS_PREC_PRIORITY
IPTOS_PREC_ROUTINE
IPOPT_RESERVED1
IPOPT_RESERVED2
IPOPT_OPTVAL
IPOPT_OLEN
IPOPT_MINOFF
MAX_IPOPTLEN
IPOPT_EOL



> diff -urN linux/include/net/ip.h linux.fixed/include/net/ip.h
--------------------------------------------------------
Michael Peddemors - Senior Consultant
Unix Administration - WebSite Hosting
Network Services - Programming
Wizard Internet Services http://www.wizard.ca
Linux Support Specialist - http://www.linuxmagic.com
--------------------------------------------------------
(604) 589-0037 Beautiful British Columbia, Canada
--------------------------------------------------------

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[David S. Miller]

Michael Peddemors writes:
 > A few things.. why is ip.h not part of the linux/include/net rather than 
 > linux/include/linux hierachy?

Exported to older userlands...

 > Defined items that are not used anywhere in the source..
 > Can any of them be deleted now?
 > <see below>

So what, userland makes use of them :-)

 > Also, I was looking into some RFC 1812 stuff. (Thanks for nothing Dave :) and 
 > was looking at 4.2.2.6 where it mentions that a router MUST implement the End 
 > of Option List option..  Havent' figured out where that is implememented yet..

egrep "IPOPT_END" net/ipv4/ip_options.c

You just aren't looking hard enough.

 > Also was trying to figure out some things. 
 > I want to create a new ip_option for use in some DOS protection experiments.
 > I have a whole 40 bytes (+/-) to share...  Now although I don't see anything 
 > explicitly prohibiting the use of unused IP Header option space, I know that 
 > it really was designed for use by the sending parties, and not routers in 
 > between.. Has anyone seen any RFC that explicitly says I MUST NOT?

Not to my knowledge.  Routers already change the time to live field,
so I see no reason why they can't do smart things with special IP
options either (besides efficiency concerns :-).

Later,
David S. Miller
davem@redhat.com

Re: [UPDATE] zerocopy.. While working on ip.h stuff

[Andi Kleen]

Michael Peddemors <michael@linuxmagic.com> writes:

> A few things.. why is ip.h not part of the linux/include/net rather than 
> linux/include/linux hierachy?

Because it needs to be user visible for raw sockets (linux is exported to the user,
net isn't) 

> Defined items that are not used anywhere in the source..
> Can any of them be deleted now?

nope. they can be useful for the user.

> Also, I was looking into some RFC 1812 stuff. (Thanks for nothing Dave :) and 
> was looking at 4.2.2.6 where it mentions that a router MUST implement the End 
> of Option List option..  Havent' figured out where that is implememented yet..

It is (see net/ipv4/ip_options:ip_options_compile())

> Also was trying to figure out some things. 
> I want to create a new ip_option for use in some DOS protection experiments.
> I have a whole 40 bytes (+/-) to share...  Now although I don't see anything 
> explicitly prohibiting the use of unused IP Header option space, I know that 
> it really was designed for use by the sending parties, and not routers in 
> between.. Has anyone seen any RFC that explicitly says I MUST NOT?

Using IP options is strongly deprecated because it causes a lot of switches/routers
to go from hardware into software switch mode (-> it kills your gigabit routers) 


> IPTOS_PREC_NETCONTROL
[...]
They are implemented, just only implicitely as an array index.


-Andi