From: Shaohua Li <shli@kernel.org>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>,
David Miller <davem@davemloft.net>, Shaohua Li <shli@fb.com>,
Eric Dumazet <eric.dumazet@gmail.com>,
Florent Fourcot <flo@fourcot.fr>
Subject: Re: [PATCH V4 net 2/2] net: fix tcp reset packet flowlabel for ipv6
Date: Tue, 1 Aug 2017 14:42:26 -0700 [thread overview]
Message-ID: <20170801214226.gnuudx3j53s6kw25@kernel.org> (raw)
In-Reply-To: <CAM_iQpWiw6CJOr2+zvxdoCht1DRERmZfZCCZiE36_6RiumEOVA@mail.gmail.com>
On Tue, Aug 01, 2017 at 02:17:58PM -0700, Cong Wang wrote:
> On Mon, Jul 31, 2017 at 4:00 PM, Shaohua Li <shli@kernel.org> wrote:
> > On Mon, Jul 31, 2017 at 03:35:02PM -0700, Cong Wang wrote:
> >> On Mon, Jul 31, 2017 at 3:19 PM, Shaohua Li <shli@kernel.org> wrote:
> >> > static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
> >> > __be32 flowlabel, bool autolabel,
> >> > - struct flowi6 *fl6)
> >> > + struct flowi6 *fl6, u32 hash)
> >> > {
> >> > - u32 hash;
> >> > -
> >> > /* @flowlabel may include more than a flow label, eg, the traffic class.
> >> > * Here we want only the flow label value.
> >> > */
> >> > @@ -788,7 +786,8 @@ static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
> >> > net->ipv6.sysctl.auto_flowlabels != IP6_AUTO_FLOW_LABEL_FORCED))
> >> > return flowlabel;
> >> >
> >> > - hash = skb_get_hash_flowi6(skb, fl6);
> >> > + if (skb)
> >> > + hash = skb_get_hash_flowi6(skb, fl6);
> >>
> >>
> >> Why not just move skb_get_hash_flowi6() to its caller?
> >> This check is not necessary. If you don't want to touch
> >> existing callers, you can just introduce a wrapper:
> >>
> >>
> >> static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
> >> __be32 flowlabel, bool autolabel,
> >> struct flowi6 *fl6)
> >> {
> >> u32 hash = skb_get_hash_flowi6(skb, fl6);
> >> return __ip6_make_flowlabel(net, flowlabel, autolabel, hash);
> >> }
> >
> > this will always call skb_get_hash_flowi6 for the fast path even auto flowlabel
> > is disabled. I thought we should avoid this.
>
> Yeah, but you can move the check out too,
> something like:
Is this really better? I don't see any point. I'd use my original patch other
than this one. that said, there are just several lines of code, brutally
'abstract' them into a function doesn't make the code better.
> diff --git a/include/net/ipv6.h b/include/net/ipv6.h
> index 6eac5cf8f1e6..18ffa824c00a 100644
> --- a/include/net/ipv6.h
> +++ b/include/net/ipv6.h
> @@ -771,31 +771,22 @@ static inline void
> iph_to_flow_copy_v6addrs(struct flow_keys *flow,
>
> #define IP6_DEFAULT_AUTO_FLOW_LABELS IP6_AUTO_FLOW_LABEL_OPTOUT
>
> -static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
> - __be32 flowlabel, bool autolabel,
> - struct flowi6 *fl6)
> +static inline bool ip6_need_flowlabel(struct net *net, __be32
> flowlabel, bool autolabel)
> {
> - u32 hash;
> -
> /* @flowlabel may include more than a flow label, eg, the traffic class.
> * Here we want only the flow label value.
> */
> - flowlabel &= IPV6_FLOWLABEL_MASK;
> -
> - if (flowlabel ||
> + if ((flowlabel & IPV6_FLOWLABEL_MASK) ||
> net->ipv6.sysctl.auto_flowlabels == IP6_AUTO_FLOW_LABEL_OFF ||
> (!autolabel &&
> net->ipv6.sysctl.auto_flowlabels != IP6_AUTO_FLOW_LABEL_FORCED))
> - return flowlabel;
> -
> - hash = skb_get_hash_flowi6(skb, fl6);
> + return false;
>
> - /* Since this is being sent on the wire obfuscate hash a bit
> - * to minimize possbility that any useful information to an
> - * attacker is leaked. Only lower 20 bits are relevant.
> - */
> - rol32(hash, 16);
> + return true;
> +}
>
> +static inline __be32 __ip6_make_flowlabel(struct net *net, __be32
> flowlabel, u32 hash)
> +{
> flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;
>
> if (net->ipv6.sysctl.flowlabel_state_ranges)
> @@ -804,6 +795,19 @@ static inline __be32 ip6_make_flowlabel(struct
> net *net, struct sk_buff *skb,
> return flowlabel;
> }
>
> +static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
> + __be32 flowlabel, bool autolabel,
> + struct flowi6 *fl6)
> +{
> + u32 hash;
> +
> + if (!ip6_need_flowlabel(net, flowlabel, autolabel))
> + return flowlabel & IPV6_FLOWLABEL_MASK;
> +
> + hash = skb_get_hash_flowi6(skb, fl6);
> + return __ip6_make_flowlabel(net, flowlabel, hash);
> +}
> +
> static inline int ip6_default_np_autolabel(struct net *net)
> {
> switch (net->ipv6.sysctl.auto_flowlabels) {
next prev parent reply other threads:[~2017-08-01 21:42 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-31 22:19 [PATCH V4 net 0/2] ipv6: fix flowlabel issue for reset packet Shaohua Li
2017-07-31 22:19 ` [PATCH V4 net 1/2] net: remove unnecessary rotation Shaohua Li
2017-07-31 22:19 ` [PATCH V4 net 2/2] net: fix tcp reset packet flowlabel for ipv6 Shaohua Li
2017-07-31 22:35 ` Cong Wang
2017-07-31 23:00 ` Shaohua Li
2017-08-01 21:17 ` Cong Wang
2017-08-01 21:42 ` Shaohua Li [this message]
2017-08-03 1:33 ` Cong Wang
2017-08-09 14:59 ` [PATCH V4 net 0/2] ipv6: fix flowlabel issue for reset packet Shaohua Li
2017-08-09 17:55 ` David Miller
2017-08-09 16:40 ` Tom Herbert
2017-08-10 16:30 ` Shaohua Li
2017-08-10 18:30 ` Tom Herbert
2017-08-10 19:13 ` Shaohua Li
2017-08-12 1:00 ` Tom Herbert
2017-08-15 2:52 ` Shaohua Li
2017-08-15 14:08 ` Tom Herbert
2017-08-15 22:42 ` Shaohua Li
2017-08-16 0:15 ` Tom Herbert
2017-08-17 17:26 ` Shaohua Li
2017-08-17 19:07 ` Tom Herbert
2017-08-17 22:55 ` Martin KaFai Lau
2017-08-18 14:50 ` Tom Herbert
2017-08-18 20:51 ` Martin KaFai Lau
2017-08-18 22:27 ` David Miller
2017-11-08 17:44 ` Tom Herbert
2017-11-08 20:01 ` Tom Herbert
2017-11-08 21:41 ` Martin KaFai Lau
2017-11-14 18:24 ` Shaohua Li
2017-11-14 19:13 ` Tom Herbert
2017-11-14 21:59 ` Shaohua Li
2017-11-15 18:27 ` Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170801214226.gnuudx3j53s6kw25@kernel.org \
--to=shli@kernel.org \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=flo@fourcot.fr \
--cc=netdev@vger.kernel.org \
--cc=shli@fb.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.