From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Niclas Hedam <nhed@itu.dk>
Cc: "stephen@networkplumber.org" <stephen@networkplumber.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
Dave Taht <dave.taht@gmail.com>
Subject: Re: [PATCH v2] net: sched: Add support for packet bursting.
Date: Tue, 29 Jun 2021 16:35:11 +0200 [thread overview]
Message-ID: <87zgv8ivs0.fsf@toke.dk> (raw)
In-Reply-To: <B95D6635-02AE-4912-B521-2BECEE16927E@itu.dk>
Niclas Hedam <nhed@itu.dk> writes:
> Thanks for the valuable thoughts, Toke.
>
> The patch started with me being tasked to try and mitigate timing
> attacks caused by network latencies. I scouted over the current
> network stack and didn't find anything that fully matched my use-case.
> While I now understand that you can actually leverage the slots
> functionality for this, I would still opt for a new interface and
> implementation.
So what is the actual use case for this? If this is something you're
actually planning to deploy this in production, I'm not sure netem is
the best place for it...
> I have not done any CPU benchmarks on the slots system, so I'm not
> approaching this from the practical performance side per se.
>
> Instead, I argue for seperation with reference to the Seperation of
> Concern design principle. The slots functionality is not
> built/designed to cater security guarantees, and my patch is not built
> to cater duty cycles, etc.
Separation of concerns is all well and good, but you're still adding
this to an existing qdisc (and one mostly used for emulating networks,
at that), in a way that will silently disable most of the other
functionality. I.e., if the 'bursting' field is set, 'rate' and
'latency' will just silently stop working because you're skipping the
code path that uses those.
So you'll need to reject invalid combinations at configure time, which
AFAICT is any other feature combined with bursting. Also, please add an
unlikely() around the check for the bursting parameter to hint the
compiler that this is not the most commonly used feature.
> If we opt to merge these two functionalities or discard mine, we have
> to implement some guarantee that the slots functionality won't become
> significantly slower or complex, which in my opinion is less
> maintainable than two similar systems. Also, this patch is very
> limited in lines of code, so maintaining it is pretty trivial.
Maintenance is not just about lines of code, it is also about
combination of features (e.g., dealing with things like "my rate limiter
stopped working after I turned on this 'security' feature"). At the very
least you'll need to clearly document interactions (and refuse invalid
combinations as mentioned above).
-Toke
next prev parent reply other threads:[~2021-06-29 14:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-28 11:25 [PATCH v2] net: sched: Add support for packet bursting Niclas Hedam
2021-06-28 11:44 ` Toke Høiland-Jørgensen
2021-06-28 11:57 ` Niclas Hedam
2021-06-28 12:21 ` Toke Høiland-Jørgensen
2021-06-28 13:24 ` Niclas Hedam
2021-06-29 14:35 ` Toke Høiland-Jørgensen [this message]
2021-06-29 15:26 ` Dave Taht
2021-06-28 12:08 ` [PATCH v3] " Niclas Hedam
2021-06-28 15:27 ` Eric Dumazet
2021-06-28 15:38 ` Niclas Hedam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zgv8ivs0.fsf@toke.dk \
--to=toke@redhat.com \
--cc=dave.taht@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhed@itu.dk \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).