Zbr's days.

Wed, 28 Dec 2005

Acrypto IPsec hacking.


Something has changed in the XFRM engine since the 2.6.14 days, so it does not work now. The bug was found in the esp4 output callback, where the parent skb was not updated with the right auth length, so the remote tcpdump showed something like this:

IP truncated-ip - 12 bytes missing! 192.168.4.78 > 192.168.4.79: ESP(spi=0x020bc674,seq=0x1)

A patch for the XFRM/IPsec/ESP4 engine acrypto port has been put into the archive.
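
The tcpdump complaint above comes from comparing the IPv4 total-length field with the number of bytes that actually arrived. The following is an added example, not code from this post or from the acrypto patch: `check_ipv4_esp` and the sample packet are constructed for illustration, with the header claiming 12 bytes more than are present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ip_check {
    int      ok;       /* 1 if the IPv4 header parsed */
    unsigned missing;  /* bytes promised by the header but absent from the frame */
    uint32_t spi, seq; /* ESP header fields, filled when protocol is 50 (ESP) */
};

/* Read an n-byte big-endian integer (n <= 4). */
static uint32_t be(const uint8_t *p, int n) {
    uint32_t v = 0;
    while (n--)
        v = (v << 8) | *p++;
    return v;
}

/* pkt points at the IPv4 header; len is the number of bytes actually received. */
struct ip_check check_ipv4_esp(const uint8_t *pkt, size_t len) {
    struct ip_check r = {0, 0, 0, 0};
    if (len < 20 || (pkt[0] >> 4) != 4)
        return r;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;  /* header length in bytes */
    size_t tot = be(pkt + 2, 2);               /* total length field */
    if (ihl < 20 || ihl > len || tot < ihl)
        return r;
    r.ok = 1;
    if (tot > len)                             /* header claims more than arrived */
        r.missing = (unsigned)(tot - len);
    if (pkt[9] == 50 && len >= ihl + 8) {      /* ESP: SPI then sequence number */
        r.spi = be(pkt + ihl, 4);
        r.seq = be(pkt + ihl + 4, 4);
    }
    return r;
}

/* Constructed sample: 44 bytes present, total length says 56; checksum left zero. */
static const uint8_t sample[44] = {
    0x45, 0x00, 0x00, 0x38, 0x00, 0x00, 0x40, 0x00, 0x40, 0x32, 0x00, 0x00,
    0xc0, 0xa8, 0x04, 0x4e, 0xc0, 0xa8, 0x04, 0x4f,  /* 192.168.4.78 > 192.168.4.79 */
    0x02, 0x0b, 0xc6, 0x74, 0x00, 0x00, 0x00, 0x01,  /* spi, seq; rest is zero filler */
};

int main(void) {
    struct ip_check r = check_ipv4_esp(sample, sizeof sample);
    printf("ok=%d missing=%u spi=0x%08x seq=0x%x\n", r.ok, r.missing, (unsigned)r.spi, (unsigned)r.seq);
    return 0;
}
```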

I have a very interesting idea about the Linux network stack, so I have started digging into high-performance event-driven networking interfaces. There are not so many solutions:
  • epoll or /dev/*poll
  • RT Posix signals
The latter seems to have smaller latencies, but has some problems when the number of interests becomes large, since there is no event batching per signal, which leads to signal queue overflow, while the former (the /dev/poll implementation by Niels Provos and Charles Lever) is slightly slower according to the "Scalable Network I/O in Linux" paper. Epoll provides functionality similar to /dev/poll and is part of the 2.6 kernel.
For statistics, I've run a simple benchmark to determine the overhead of a system call in Linux.
It is about 0.2-0.25 usecs per syscall on my Xeon (2.4Ghz) and AMD64 3500+ (2200Ghz) running the 2.6.15 Linux kernel.
