Re: [PATCH net] ipv6: refresh rt6i_genid in ip6_pol_route()

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Hannes Frederic Sowa <hannes@redhat.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>,
	nicolas.dichtel@6wind.com, therbert@google.com,
	alexander.h.duyck@intel.com, netdev@vger.kernel.org
Subject: Re: [PATCH net] ipv6: refresh rt6i_genid in ip6_pol_route()
Date: Tue, 09 Sep 2014 14:58:39 +0200	[thread overview]
Message-ID: <1410267519.27979.31.camel@localhost> (raw)
In-Reply-To: <1410152829.11872.84.camel@edumazet-glaptop2.roam.corp.google.com>

On So, 2014-09-07 at 22:07 -0700, Eric Dumazet wrote:
> On Sun, 2014-09-07 at 21:59 -0700, David Miller wrote:
> > From: Eric Dumazet <eric.dumazet@gmail.com>
> > Date: Sun, 07 Sep 2014 21:43:54 -0700
> > 
> > > On Sun, 2014-09-07 at 21:27 -0700, David Miller wrote:
> > >> From: Eric Dumazet <eric.dumazet@gmail.com>
> > >> Date: Sun, 07 Sep 2014 21:18:25 -0700
> > >> 
> > >> > On Sun, 2014-09-07 at 15:54 -0700, David Miller wrote:
> > >> > 
> > >> >> This might be broken.
> > >> >> 
> > >> >> We are dealing here with persistent entries in the ipv6 routine trie.
> > >> >> 
> > >> >> If you just bump the genid on the next person to look it up, other
> > >> >> sockets and cached entities might not have validated the route yet,
> > >> >> and now will falsely see the route as valid.  We have to ensure that
> > >> >> they too drop this route and perform a relookup.
> > >> > 
> > >> > I am confused, I thought it was the role of the cookie.
> > >> > 
> > >> > (Ie socket has to store its own cookie to be able to validate a route)
> > >> > 
> > >> > Before 6f3118b571b8 patch, how was this done anyway ?
> > >> > 
> > >> > If persistent routes cannot refresh the genid, then they are useless ?
> > >> 
> > >> I just speak about the genid aspect.
> > >> 
> > >> I understand that cookie (via node->fn_sernum) invalidates the path
> > >> in the fib_trie, but the genid protects against other circumstances
> > >> (matching IPSEC rule, f.e.)
> > >> 
> > >> You have to make sure all other sockets did a full route lookup
> > >> (including IPSEC) before you can safely adjust the genid.
> > >> 
> > >> I could be wrong, recheck my analysis please :-)
> > > 
> > > So this whole genid protection can not work, unless we make sure a
> > > socket cannot share a route with another socket.
> > > 
> > > This means we have to clone all routes.
> > 
> > I'm willing to revert the change in question if you think that's the
> > sanest way forward.
> > 
> > The bug fix for more obscure use cases (IPSEC) if pointless if it
> > breaks more common things (TCP input route caching).
> 
> Lets wait for Nicolas and/or Hannes input, they might have some ideas...

My first idea was to remove rt_genid check in ip6_dst_check completely
and rt_genid_bump_ipv6() should walk the trie to increase fib6_sernum in
rt6i_nodes. I'll try this.

next prev parent reply	other threads:[~2014-09-09 12:58 UTC|newest]

Thread overview: 57+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-14 18:19 Performance regression on kernels 3.10 and newer Alexander Duyck
2014-08-14 18:46 ` Eric Dumazet
2014-08-14 19:50   ` Eric Dumazet
2014-08-14 19:59   ` Rick Jones
2014-08-14 20:31     ` Alexander Duyck
2014-08-14 20:51       ` Eric Dumazet
2014-08-14 20:46     ` Eric Dumazet
2014-08-14 23:16   ` Alexander Duyck
2014-08-14 23:20     ` David Miller
2014-08-14 23:25       ` Tom Herbert
2014-08-21 23:24         ` David Miller
2014-09-06 14:45           ` Eric Dumazet
2014-09-06 15:27             ` Eric Dumazet
2014-09-06 15:46               ` Eric Dumazet
2014-09-06 16:38                 ` Eric Dumazet
2014-09-06 18:21                   ` Eric Dumazet
2014-09-07 19:05                     ` [PATCH net] ipv6: refresh rt6i_genid in ip6_pol_route() Eric Dumazet
2014-09-07 22:54                       ` David Miller
2014-09-08  4:18                         ` Eric Dumazet
2014-09-08  4:27                           ` David Miller
2014-09-08  4:43                             ` Eric Dumazet
2014-09-08  4:59                               ` David Miller
2014-09-08  5:07                                 ` Eric Dumazet
2014-09-08  8:11                                   ` Nicolas Dichtel
2014-09-08 10:28                                     ` Eric Dumazet
2014-09-08 12:16                                       ` Nicolas Dichtel
2014-09-08 18:48                                   ` Vlad Yasevich
2014-09-09 12:58                                   ` Hannes Frederic Sowa [this message]
2014-09-10  9:31                                     ` [PATCH net-next] ipv6: implement rt_genid_bump_ipv6 with fn_sernum and remove rt6i_genid Hannes Frederic Sowa
2014-09-10 13:26                                       ` Vlad Yasevich
2014-09-10 13:42                                         ` Hannes Frederic Sowa
2014-09-10 20:09                                       ` David Miller
2014-09-11  8:30                                         ` Hannes Frederic Sowa
2014-09-11 12:22                                           ` Vlad Yasevich
2014-09-11 12:40                                             ` Hannes Frederic Sowa
2014-09-11 12:05                                         ` Hannes Frederic Sowa
2014-09-11 14:19                                           ` Vlad Yasevich
2014-09-11 14:32                                             ` Hannes Frederic Sowa
2014-09-11 14:44                                               ` Vlad Yasevich
2014-09-11 14:47                                                 ` Hannes Frederic Sowa
2014-09-08 15:06               ` [PATCH v2 net-next] tcp: remove dst refcount false sharing for prequeue mode Eric Dumazet
2014-09-08 21:21                 ` David Miller
2014-09-08 21:30                   ` Eric Dumazet
2014-09-08 22:41                     ` David Miller
2014-09-09 23:56                     ` David Miller
2014-08-15 17:15       ` Performance regression on kernels 3.10 and newer Alexander Duyck
2014-08-15 17:59         ` Eric Dumazet
2014-08-15 18:49         ` Tom Herbert
2014-08-15 19:10           ` Alexander Duyck
2014-08-15 22:16             ` Tom Herbert
2014-08-15 23:23               ` Alexander Duyck
2014-08-18  9:03                 ` David Laight
2014-08-18 15:22                   ` Alexander Duyck
2014-08-18 15:29                     ` Rick Jones
2014-08-21 23:51         ` David Miller
2014-08-14 23:48     ` Eric Dumazet
2014-08-15  0:33       ` Rick Jones

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1410267519.27979.31.camel@localhost \
    --to=hannes@redhat.com \
    --cc=alexander.h.duyck@intel.com \
    --cc=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=nicolas.dichtel@6wind.com \
    --cc=therbert@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).