| Message ID | 1432253506-3646977-8-git-send-email-tom@herbertland.com |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
Fri, May 22, 2015 at 02:11:42AM CEST, tom@herbertland.com wrote: >We don't need to return the IPv6 address hash as part of flow keys. >In general, using the IPv6 address hash is risky in a hash value >since the underlying use of xor provides no entropy. If someone >really needs the hash value they can get it from the full IPv6 >addresses in flow keys (e.g. from flow_get_u32_src). > >Signed-off-by: Tom Herbert <tom@herbertland.com> >--- > include/net/flow_dissector.h | 1 - > net/core/flow_dissector.c | 17 ----------------- > 2 files changed, 18 deletions(-) > >diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h >index 3ee606a..59f00f9 100644 >--- a/include/net/flow_dissector.h >+++ b/include/net/flow_dissector.h >@@ -103,7 +103,6 @@ enum flow_dissector_key_id { > FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ > FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ > FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ >- FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS, /* struct flow_dissector_key_addrs */ > FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */ > FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */ > FLOW_DISSECTOR_KEY_TIPC_ADDRS, /* struct flow_dissector_key_tipc_addrs */ >diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c >index 8d6f089..44e47c5 100644 >--- a/net/core/flow_dissector.c >+++ b/net/core/flow_dissector.c >@@ -200,19 +200,6 @@ ipv6: > nhoff += sizeof(struct ipv6hdr); > > if (skb_flow_dissector_uses_key(flow_dissector, >- FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS)) { >- key_addrs = skb_flow_dissector_target(flow_dissector, >- FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS, >- target_container); >- >- key_addrs->v4addrs.src = >- (__force __be32)ipv6_addr_hash(&iph->saddr); >- key_addrs->v4addrs.dst = >- (__force __be32)ipv6_addr_hash(&iph->daddr); >- key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; >- goto flow_label; >- } >- if (skb_flow_dissector_uses_key(flow_dissector, > FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { > struct flow_dissector_key_ipv6_addrs *key_ipv6_addrs; > You can change the code flow now to pre-b924933cbbfbdcaa2831a39 state: if (!skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) break; .... flow_label = ..... killing flow_label label. Other than that, Acked-by: Jiri Pirko <jiri@resnulli.us> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h index 3ee606a..59f00f9 100644 --- a/include/net/flow_dissector.h +++ b/include/net/flow_dissector.h @@ -103,7 +103,6 @@ enum flow_dissector_key_id { FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ - FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS, /* struct flow_dissector_key_addrs */ FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */ FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */ FLOW_DISSECTOR_KEY_TIPC_ADDRS, /* struct flow_dissector_key_tipc_addrs */ diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 8d6f089..44e47c5 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -200,19 +200,6 @@ ipv6: nhoff += sizeof(struct ipv6hdr); if (skb_flow_dissector_uses_key(flow_dissector, - FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS)) { - key_addrs = skb_flow_dissector_target(flow_dissector, - FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS, - target_container); - - key_addrs->v4addrs.src = - (__force __be32)ipv6_addr_hash(&iph->saddr); - key_addrs->v4addrs.dst = - (__force __be32)ipv6_addr_hash(&iph->daddr); - key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; - goto flow_label; - } - if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { struct flow_dissector_key_ipv6_addrs *key_ipv6_addrs; @@ -651,10 +638,6 @@ static const struct flow_dissector_key flow_keys_dissector_keys[] = { .offset = offsetof(struct flow_keys, addrs.v6addrs), }, { - .key_id = FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS, - .offset = offsetof(struct flow_keys, addrs.v4addrs), - }, - { .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS, .offset = offsetof(struct flow_keys, addrs.tipcaddrs), },
We don't need to return the IPv6 address hash as part of flow keys. In general, using the IPv6 address hash is risky in a hash value since the underlying use of xor provides no entropy. If someone really needs the hash value they can get it from the full IPv6 addresses in flow keys (e.g. from flow_get_u32_src). Signed-off-by: Tom Herbert <tom@herbertland.com> --- include/net/flow_dissector.h | 1 - net/core/flow_dissector.c | 17 ----------------- 2 files changed, 18 deletions(-)