netdev
[Top] [All Lists]

Re: [RFC/PATCH] "strict" ipv4 reassembly

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: Re: [RFC/PATCH] "strict" ipv4 reassembly
From: Andi Kleen <ak@xxxxxx>
Date: Wed, 18 May 2005 03:05:01 +0200
Cc: niv@xxxxxxxxxx, akepner@xxxxxxx, dlstevens@xxxxxxxxxx, rick.jones2@xxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050517.175126.74751342.davem@xxxxxxxxxxxxx> (David S. Miller's message of "Tue, 17 May 2005 17:51:26 -0700 (PDT)")
References: <20050517232556.GA26846@xxxxxxxxxxxxxxxxxxx> <428A871F.1000308@xxxxxxxxxx> <20050518001054.GB27212@xxxxxxxxxxxxxxxxxxx> <20050517.175126.74751342.davem@xxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (gnu/linux)
"David S. Miller" <davem@xxxxxxxxxxxxx> writes:

> From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [RFC/PATCH] "strict" ipv4 reassembly
> Date: Wed, 18 May 2005 10:10:54 +1000
>
>> On Tue, May 17, 2005 at 05:06:55PM -0700, Nivedita Singhvi wrote:
>> > 
>> > Mainline linux certainly has this (per-inetpeer ip_id) - but
>> > at least one distro did not (use inetpeer) :). Not sure
>> > what the current situation is.
>> 
>> What was the reason for this? Perhaps we can solve their problems
>> with inetpeer in a better way than disabling it?
>
> Andi Kleen thought inetpeer was a pig, so he removed it from SUSE's
> kernel and replaced it with a per-cpu salted IP ID generator.  The
> initial verion he wrote had serious bugs that severely decreased the
> effective ID space, and thus made the NFS corruption problem happen
> more frequently.

That's not true, there were no bugs it in. Or at least none
I know about.

However any randomized IPID scheme decreases the effective IP-ID
space slightly. The only algorithm that uses a bit space perfectly
is a counter :) However I admit the constant to regulate the grainness 
was a bit too aggressive at the beginning, which indeed triggered
the NFS corruption problem more frequently. However since the 16bit
space is more or less useless (as Artur demonstrated it cannot
even handle a single Gigabit link) it did not make that much difference anyways.

The eventual workaround for the NFS IP-ID problem that went into
the vendor kernel also did work in a different way on top 
of the algorithm.

As for the background (not for you Dave, for other readers ;-) why I
consider inetpeer useless please read the archives. As a hint just
look what kind of functionality it implements and how much of it is
actually enabled by default and think of its relationship to masquerading
(which BTW breaks most of the fancy algorithms proposed so far) 

-Andi

<Prev in Thread] Current Thread [Next in Thread>