[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org abandoned this revision.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: damien.deville_stormshield.eu, adrian, avg, markm, cem, #csprng, kevans, 
debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[damien.deville_stormshield.eu (Damien Deville)]

damien.deville_stormshield.eu added a comment.


  Hi everyone,
  
  At stormshield we are using a similar hand-made patch so i can give you some 
feedback about this feature.
  
  We support symmetric and non-symmetric static or random rss key, using the 
following systctls:
  
  - net.inet.rss.random
  - net.inet.rss.symmetric (using a 16bit pattern)
  - net.inet.rss.symmetric_byte0 + net.inet.rss.symmetric_byte1 (to force the 
16bits pattern to make the hash symmetric)
  
  We were also forced to add a reseed sysctl proc after noticing that the 
initial entropy is too low during rss key init, and we call it after boot just 
before loading our network kernel modules. Before this we had some product that 
were using RSS key that fail to provide proper distribution of packets. This 
change was made before we start using the initial entropy feature of the loader 
so i am not sure if it is still relevant.
  
  If some of you have interest i can share our patch (in private) which only 
support the rss_getkey() API and not all the other rss_xxx functions has we are 
not using them in our codebase.
  
  Damien for Stormshield.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: damien.deville_stormshield.eu, adrian, avg, markm, cem, #csprng, kevans, 
debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[adrian (Adrian Chadd)]

adrian added a comment.


  i remember there was some concern in the past where there were very bad rss 
key choices out there. is there a reason for actually pushing for a random rss 
key?
  
  I stuck with the microsoft rss key (and a symmetric rss key at norse) 
specifically so there wouldn't be boot to boot variation in traffic patterns 
when doing testing/evaluation.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: adrian, avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, 
melifaro, #contributor_reviews_base, freebsd-net-list, mmacy, 
kpraveen.lkml_gmail.com, marcnarc_gmail.com, simonvella_gmail.com, 
novice_techie.com, tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[avg (Andriy Gapon)]

avg added a comment.


  In D24989#552693 , @neel_neelc.org 
wrote:
  
  > I believe Linux just uses random keys:
  >
  > - 
https://github.com/torvalds/linux/blob/29d9f30d4ce6c7a38745a54a8cddface10013490/net/ethtool/ioctl.c#L924
  
  You are right. So, my concern was invalid.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added a comment.


  Should I sequence the key into "symmetrical RSS" where the first 32 bits == 
the next 32 bits, and all subsequent 16 bits chunks are equal?. Or is it 
something else?

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added a comment.


  In D24989#552576 , @avg wrote:
  
  > I have a vague memory, maybe wrong, that commonly used fixed RSS keys were 
selected because they had some property (-ies).
  > So, maybe just being random is not good enough?
  > I think that hypothetical `rss_isbadkey` was mentioned for a reason?
  
  I Google searched this and haven't found much evidence on RSS keys. I could 
be wrong as well.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added a comment.


  I believe Linux just uses random keys:
  
  - 
https://github.com/torvalds/linux/blob/29d9f30d4ce6c7a38745a54a8cddface10013490/net/ethtool/ioctl.c#L924
  
  Callers (example):
  
  - 
https://github.com/torvalds/linux/blob/29d9f30d4ce6c7a38745a54a8cddface10013490/drivers/net/ethernet/emulex/benet/be_main.c#L3728
  - 
https://github.com/torvalds/linux/blob/29d9f30d4ce6c7a38745a54a8cddface10013490/drivers/net/ethernet/emulex/benet/be_main.c#L3728
  
  However, DPDK uses something called "MAXIMALLY EQUIDISTRIBUTEDCOMBINED LFSR 
GENERATORS" (paper: 
https://www.ams.org/journals/mcom/1999-68-225/S0025-5718-99-01039-X/S0025-5718-99-01039-X.pdf):
  
  - 
https://github.com/DPDK/dpdk/blob/905a0c208267806f5e1f2021accec4302681e4a0/lib/librte_eal/common/rte_random.c#L131
  - Calls 
https://github.com/DPDK/dpdk/blob/905a0c208267806f5e1f2021accec4302681e4a0/lib/librte_eal/common/rte_random.c#L101
  
  Caller (example):
  
  - 
https://github.com/DPDK/dpdk/blob/c3d30e9d753ef3121c25b9403bf56ee09f2a2086/drivers/net/bnx2x/bnx2x.c#L6701

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[ae (Andrey V. Elsukov)]

ae added a comment.


  In D24989#552576 , @avg wrote:
  
  > I have a vague memory, maybe wrong, that commonly used fixed RSS keys were 
selected because they had some property (-ies).
  > So, maybe just being random is not good enough?
  > I think that hypothetical `rss_isbadkey` was mentioned for a reason?
  
  I also have such feeling. For example, you have some server that handles some 
serious workload, but after reboot due to the new key it will not be able to 
handle the same workload.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[avg (Andriy Gapon)]

avg added a comment.


  I have a vague memory, maybe wrong, that commonly used fixed RSS keys were 
selected because they had some property (-ies).
  So, maybe just being random is not good enough?
  I think that hypothetical `rss_isbadkey` was mentioned for a reason?

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: avg, markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[markm (Mark R V Murray)]

markm requested changes to this revision.
markm added inline comments.
This revision now requires changes to proceed.

INLINE COMMENTS

> rss_config.c:251
>*/
> + arc4random_buf(rss_key, RSS_KEYSIZE);
>  }

This scares me less than the previously hard-coded key, but if we are going to 
the trouble to randomise, then we need to sequence it properly.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng, markm
Cc: markm, cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org updated this revision to Diff 72463.
neel_neelc.org added a comment.


  @cem thanks for the comments.
  
  I fixed arc4random_buf().
  
  About waiting for entropy, I think you're right.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST UPDATE
  https://reviews.freebsd.org/D24989?vs=72203&id=72463

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

AFFECTED FILES
  sys/net/rss_config.c

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng
Cc: cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
diff --git a/sys/net/rss_config.c b/sys/net/rss_config.c
--- a/sys/net/rss_config.c
+++ b/sys/net/rss_config.c
@@ -74,7 +74,6 @@
  * - Synchronization for rss_key and other future-configurable parameters.
  * - Event handler drivers can register to pick up RSS configuration changes.
  * - Should we allow rss_basecpu to be configured?
- * - Randomize key on boot.
  * - IPv6 support.
  * - Statistics on how often there's a misalignment between hardware
  *   placement and pcbgroup expectations.
@@ -153,19 +152,8 @@
  * RSS secret key, intended to prevent attacks on load-balancing.  Its
  * effectiveness may be limited by algorithm choice and available entropy
  * during the boot.
- *
- * XXXRW: And that we don't randomize it yet!
- *
- * This is the default Microsoft RSS specification key which is also
- * the Chelsio T5 firmware default key.
  */
-static uint8_t rss_key[RSS_KEYSIZE] = {
-	0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
-	0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
-	0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
-	0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
-	0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
-};
+uint8_t rss_key[RSS_KEYSIZE];
 
 /*
  * RSS hash->CPU table, which maps hashed packet headers to particular CPUs.
@@ -258,11 +246,9 @@
 	}
 
 	/*
-	 * Randomize rrs_key.
-	 *
-	 * XXXRW: Not yet.  If nothing else, will require an rss_isbadkey()
-	 * loop to check for "bad" RSS keys.
+	 * Randomize rss_key.
 	 */
+	arc4random_buf(rss_key, RSS_KEYSIZE);
 }
 SYSINIT(rss_init, SI_SUB_SOFTINTR, SI_ORDER_SECOND, rss_init, NULL);
 

___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[cem (Conrad Meyer)]

cem added inline comments.

INLINE COMMENTS

> kevans wrote in rss_config.c:251
> When in doubt, perhaps CC #csprng 

With #csprng  hat on: The random 
subsystem does not guarantee it has been seeded at any point during 
auto-configuration (SYSINIT).

If it has not been seeded yet, arc4random currently gives you a weakly random 
key (hash of the CPU clock cycle counter, essentially); that is still 
marginally more random than the hardcoded value this revision deletes, but not 
especially random.  The API doesn't tell you which kind of output you got.

As far as waiting for entropy before initializing the key, doesn't that break 
RSS for existing connections?  If that is tolerable, then that seems like a 
good solution.  I'd want someone familiar with networking to approve that 
design (and this design!).

I'm not sure what the deleted XXXRW comment is referring to as far as 
rss_isbadkey().

As far as the actual arc4random_buf invocation, `s/&rss_key/rss_key/`.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng
Cc: cem, #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added a reviewer: csprng.
neel_neelc.org added a project: csprng.
neel_neelc.org added a subscriber: csprng.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng
Cc: #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added a comment.


  @kevans thanks for the suggestion, I added csprng to this thread.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org, #csprng
Cc: #csprng, kevans, debdrup, rwatson, imp, ae, melifaro, 
#contributor_reviews_base, freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, 
marcnarc_gmail.com, simonvella_gmail.com, novice_techie.com, 
tommi.pernila_iki.fi, krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[kevans (Kyle Evans)]

kevans added inline comments.

INLINE COMMENTS

> neel_neelc.org wrote in rss_config.c:251
> I'm not sure, I'm not an expert on entropy, but we could wait for entropy 
> before calling this.

When in doubt, perhaps CC #csprng 

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: kevans, debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added inline comments.

INLINE COMMENTS

> melifaro wrote in rss_config.c:251
> Are we sure that there is enough entropy available at the moment of calling 
> it?

I'm not sure, I'm not an expert on entropy, but we could wait for entropy 
before calling this.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[melifaro (Alexander V. Chernikov)]

melifaro added inline comments.

INLINE COMMENTS

> rss_config.c:251
>*/
> + arc4random_buf(&rss_key, RSS_KEYSIZE);
>  }

Are we sure that there is enough entropy available at the moment of calling it?

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org added a comment.


  Sure.

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[debdrup (Daniel Ebdrup)]

debdrup added subscribers: rwatson, debdrup.
debdrup added a comment.


  Did you mean to add some reviewers for this too? :)
  Looks like @rwatson might have some thoughts on this :)

REPOSITORY
  rS FreeBSD src repository

CHANGES SINCE LAST ACTION
  https://reviews.freebsd.org/D24989/new/

REVISION DETAIL
  https://reviews.freebsd.org/D24989

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: debdrup, rwatson, imp, ae, melifaro, #contributor_reviews_base, 
freebsd-net-list, mmacy, kpraveen.lkml_gmail.com, marcnarc_gmail.com, 
simonvella_gmail.com, novice_techie.com, tommi.pernila_iki.fi, 
krzysztof.galazka_intel.com
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Differential] D24989: netinet: Generate a random RSS key on boot.

[neel_neelc.org (Neel Chauhan)]

neel_neelc.org created this revision.
neel_neelc.org added a project: network.
Herald added subscribers: Contributor Reviews (base), melifaro, ae, imp.
neel_neelc.org requested review of this revision.

REVISION SUMMARY
  netinet: Generate a random RSS key on boot.
  
  Submitted by: Neel Chauhan 

REPOSITORY
  rS FreeBSD src repository

REVISION DETAIL
  https://reviews.freebsd.org/D24989

AFFECTED FILES
  sys/net/rss_config.c

EMAIL PREFERENCES
  https://reviews.freebsd.org/settings/panel/emailpreferences/

To: neel_neelc.org
Cc: imp, ae, melifaro, #contributor_reviews_base, freebsd-net-list, mmacy, 
kpraveen.lkml_gmail.com, marcnarc_gmail.com, simonvella_gmail.com, 
novice_techie.com, tommi.pernila_iki.fi, krzysztof.galazka_intel.com
diff --git a/sys/net/rss_config.c b/sys/net/rss_config.c
--- a/sys/net/rss_config.c
+++ b/sys/net/rss_config.c
@@ -74,7 +74,6 @@
  * - Synchronization for rss_key and other future-configurable parameters.
  * - Event handler drivers can register to pick up RSS configuration changes.
  * - Should we allow rss_basecpu to be configured?
- * - Randomize key on boot.
  * - IPv6 support.
  * - Statistics on how often there's a misalignment between hardware
  *   placement and pcbgroup expectations.
@@ -153,19 +152,8 @@
  * RSS secret key, intended to prevent attacks on load-balancing.  Its
  * effectiveness may be limited by algorithm choice and available entropy
  * during the boot.
- *
- * XXXRW: And that we don't randomize it yet!
- *
- * This is the default Microsoft RSS specification key which is also
- * the Chelsio T5 firmware default key.
  */
-static uint8_t rss_key[RSS_KEYSIZE] = {
-	0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
-	0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
-	0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
-	0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
-	0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
-};
+uint8_t rss_key[RSS_KEYSIZE];
 
 /*
  * RSS hash->CPU table, which maps hashed packet headers to particular CPUs.
@@ -258,11 +246,9 @@
 	}
 
 	/*
-	 * Randomize rrs_key.
-	 *
-	 * XXXRW: Not yet.  If nothing else, will require an rss_isbadkey()
-	 * loop to check for "bad" RSS keys.
+	 * Randomize rss_key.
 	 */
+	arc4random_buf(&rss_key, RSS_KEYSIZE);
 }
 SYSINIT(rss_init, SI_SUB_SOFTINTR, SI_ORDER_SECOND, rss_init, NULL);
 

___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"