On Tue, Oct 17, 2023 at 5:34 PM Jakub Kicinski <kuba@xxxxxxxxxx> wrote: > > On Tue, 17 Oct 2023 13:41:18 -0700 Alexander Duyck wrote: > > I am thinking of this from a software engineering perspective. This > > symmetric-xor aka simplified-toeplitz is actually much cheaper to > > implement in software than the original. As such I would want it to be > > considered a separate algorithm as I could make use of something like > > that when having to implement RSS in QEMU for instance. > > That's exactly why XOR and CRC32 _algorithms_ already exist. > CPUs have instructions to do them word at a time. > > ETH_RSS_HASH_TOP_BIT, /* Configurable RSS hash function - > Toeplitz */ > ETH_RSS_HASH_XOR_BIT, /* Configurable RSS hash function - Xor */ > ETH_RSS_HASH_CRC32_BIT, /* Configurable RSS hash function - Crc32 */ > > If efficient SW implementation is important why do some weird > bastardized para-toeplitz and not crc32? Hashes fairly well > from what I recall with the older NFPs. x86 has an instruction > for it, IIRC it was part of SSE but on normal registers. If we want to not support that I would be fine with that too. In my view this is about as secure as using the 16b repeating key. > > Based on earlier comments it doesn't change the inputs, it just > > changes how I have to handle the data and the key. It starts reducing > > things down to something like the Intel implementation of Flow > > Director in terms of how the key gets generated and hashed. > > About Flow Director I know only that it is bad :) Yeah, and that is my concern w/ the symmetric XOR is that it isn't good. It opens up the toeplitz hash to exploitation. You can target the same bucket by just making sure that source IP and port XOR with destination IP and port to the same value. That can be done by adding the same amount to each side. So there are 2^144 easily predictable possible combinations that will end up in the same hash bucket. Seems like it might be something that could be exploitable. That is why I want it marked out as a separate algo since it is essentially destroying entropy before we even get to the Toeplitz portion of the hash. As such it isn't a hash I would want to use for anything that is meant to spread workload since it is so easily exploitable.
