virtio-comment message
Subject: RE: [virtio-comment] RE: [virtio-dev] Re: [virtio-comment] Re: [PATCH v7] virtio-net: support inner header hash


> From: Michael S. Tsirkin <mst@redhat.com>
> Sent: Wednesday, February 8, 2023 9:09 AM

> > > header: it allows users inside the tunnel to control queueing outside.
> > > By observing packet loss some information leaks between tunnels.
> > >
> > I likely didn't understand. Can you please explain?
> >
> > Queuing is always done on the inner header with/without encapsulation.
> > Hash is always reported for inner header.
> > It is only adding the ability to hash even when outer header exists.
> 
> 
> If hashing just on outer header (currently the only option) then a given tunnel
> all lands in a given queue.
> Just keep that queue separate and users of this tunnel can not learn whether
> other queues are overflowing, and can not overflow other queues.
> 
> 
> If you hash inner header then user can flood device with packets of a given
> connection and the same connection in a different tunnel hashes to the same
> queue. Now one tunnel can
> - cause DoS for another tunnel
> - cause packet loss or latency triggering possible security bugs within guest
> - detect that another tunnel is using the connection by
>   detecting its own packet loss or increased latency
> 
Yes. It can lead to the above issues.
Steering on inner is best effort, based on sw implementations running on top of the net device.
To avoid the above issues, a hierarchical model is needed.
I am not aware of any.
To my knowledge, usually those who care about the above issues end up using a different net device for each VNI and achieve the desired hierarchy.

> 
> > If queuing to be decided based on outer header (hash), then that is different.
> > Hashing both inner and outer in a flat q structure unlikely works, right?
> > Because both hashes can result in different q selection.
> 
> 
> That's the point.
> 
> Is there any precedent in OSes for configuring things like this that we can look
> at?
> 
ethtool -N (not yet part of virtio) is the closest match that can steer based on inner and outer both, but it is not hierarchical, and it is orthogonal to this feature.

> 
> > >
> > > Ideas for solving this they all involve hashing both inner and outer
> > > header:
> > > 1- report two sets of hashes. overkill?
> > > 2- hash both headers together
> > > 3- add salt. can come from driver or device itself
> > >
> > > More ideas?
> > >
> > > --
> > > MST
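The queue-collision problem discussed above, and the two hashing ideas listed at the end of the quoted message, can be made concrete with a small model. The following is an added illustration, not code from the virtio spec, the patch under review, or either participant. It implements the Toeplitz hash (the algorithm virtio-net RSS uses) and compares three steering policies on the same pair of packets: a flow with an identical inner 4-tuple carried in two different tunnels. Hashing the inner header alone puts both copies in the same receive queue (the cross-tunnel interference MST describes); hashing inner and outer together (idea 2) or appending a salt (idea 3) makes the two inputs differ, so the queue is no longer determined by the inner header alone. The key is the widely published Microsoft RSS verification key; all addresses, ports, VNIs and the salt are constructed sample values, and a plain modulo stands in for the RSS indirection table.

```python
"""Toy model of virtio-net style receive-queue steering for tunnelled traffic.

Constructed illustration: the device hashes some header fields with Toeplitz
and picks a receive queue from the result. Policies compared:
  * inner-only   (what inner header hash provides; collides across tunnels)
  * inner+outer  (idea 2: hash both headers together)
  * inner+salt   (idea 3: a device- or driver-supplied salt)
All addresses, ports, VNIs and the salt below are constructed sample values.
"""
from dataclasses import dataclass
import ipaddress

# 40-byte RSS key: the widely published Microsoft RSS verification key.
RSS_KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0"
    "d0ca2bcbae7b30b477cb2da38030f20c"
    "6a42b73bbeac01fa"
)


def toeplitz_hash(key: bytes, data: bytes) -> int:
    """Standard Toeplitz hash: for every set input bit i, XOR in the 32-bit
    window of the key that starts at key bit i."""
    key_bits = len(key) * 8
    if len(data) * 8 + 32 > key_bits:
        raise ValueError("input too long for key")
    key_int = int.from_bytes(key, "big")
    result = 0
    for byte_index, byte in enumerate(data):
        for bit in range(8):
            if byte & (0x80 >> bit):
                i = byte_index * 8 + bit
                result ^= (key_int >> (key_bits - 32 - i)) & 0xFFFFFFFF
    return result


def ipv4_4tuple(src: str, dst: str, sport: int, dport: int) -> bytes:
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + sport.to_bytes(2, "big") + dport.to_bytes(2, "big"))


@dataclass(frozen=True)
class TunnelledPacket:
    outer_src: str
    outer_dst: str
    vni: int  # tunnel identifier carried in the encapsulation header
    inner_src: str
    inner_dst: str
    inner_sport: int
    inner_dport: int

    def outer_bytes(self) -> bytes:
        # Outer UDP ports are omitted for simplicity: tunnel endpoints plus
        # VNI are what identifies "the tunnel" in the discussion.
        return (ipaddress.IPv4Address(self.outer_src).packed
                + ipaddress.IPv4Address(self.outer_dst).packed
                + self.vni.to_bytes(4, "big"))

    def inner_bytes(self) -> bytes:
        return ipv4_4tuple(self.inner_src, self.inner_dst,
                           self.inner_sport, self.inner_dport)


def hash_outer(pkt: TunnelledPacket) -> int:
    return toeplitz_hash(RSS_KEY, pkt.outer_bytes())


def hash_inner(pkt: TunnelledPacket) -> int:
    return toeplitz_hash(RSS_KEY, pkt.inner_bytes())


def hash_inner_and_outer(pkt: TunnelledPacket) -> int:
    return toeplitz_hash(RSS_KEY, pkt.inner_bytes() + pkt.outer_bytes())


def hash_inner_salted(pkt: TunnelledPacket, salt: bytes) -> int:
    return toeplitz_hash(RSS_KEY, pkt.inner_bytes() + salt)


def queue_for(hash_value: int, nqueues: int) -> int:
    # RSS indexes an indirection table with the low hash bits; modulo stands in.
    return hash_value % nqueues


# Constructed samples: the same inner connection seen in two tunnels (VNI
# 5000 and 5001) between the same endpoints, plus a second flow in tunnel A.
SAME_FLOW_TUNNEL_A = TunnelledPacket("192.0.2.10", "192.0.2.20", 5000,
                                     "10.0.0.1", "10.0.0.2", 40000, 443)
SAME_FLOW_TUNNEL_B = TunnelledPacket("192.0.2.10", "192.0.2.20", 5001,
                                     "10.0.0.1", "10.0.0.2", 40000, 443)
OTHER_FLOW_TUNNEL_A = TunnelledPacket("192.0.2.10", "192.0.2.20", 5000,
                                      "10.0.0.3", "10.0.0.4", 50000, 8080)


def main(nqueues: int = 16) -> None:
    salt = bytes.fromhex("0f1e2d3c4b5a6978")  # constructed device salt
    pkts = [("same flow, tunnel A", SAME_FLOW_TUNNEL_A),
            ("same flow, tunnel B", SAME_FLOW_TUNNEL_B),
            ("other flow, tunnel A", OTHER_FLOW_TUNNEL_A)]
    print(f"{'packet':<22}{'outer':>6}{'inner':>6}{'in+out':>7}{'salted':>7}")
    for name, p in pkts:
        print(f"{name:<22}{queue_for(hash_outer(p), nqueues):>6}"
              f"{queue_for(hash_inner(p), nqueues):>6}"
              f"{queue_for(hash_inner_and_outer(p), nqueues):>7}"
              f"{queue_for(hash_inner_salted(p, salt), nqueues):>7}")


if __name__ == "__main__":
    main()
```

Running `main()` prints one row per packet. The inner-only column shows the two copies of the same flow landing on one queue regardless of tunnel, while the outer-only column shows every flow of tunnel A sharing a queue. Mixing the outer header or a salt into the hash breaks the first coincidence, but, as the reply notes, a flat queue set still gives no hierarchy between tunnels.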


