Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Michael Markstaller]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

better answer late, than never..
To conclude: We won't get to a common opinion on that I guess.

I just wanted to draw your attention (from time to time, maybe once a
year) onto that this 0,52% IPv6-stuff isn't real life, honestly.
99,48% are v4-only, thats just a fact, there is no v6 outside Testbeds
and Freaks (and I count myself as freak, but I don't use it productive
because I cannot spend 12hrs a day with all the problems it implies)

Am 23.04.2012 11:26, schrieb Gert Doering:
 Hi,
 
 On Mon, Apr 23, 2012 at 01:49:18AM +0200, Michael Markstaller
 wrote:
 Appreciate your work really but just my 5ct: noone needs IPv6 if
 not in search for troubles or many new (security)-problems.
 
 Welcome to the 21st century.
 
 There are ISPs in Asia today(!) that *will* *not* give you an IPv4
 address, because they have none left.

Thats egostic now but: is this my problem? No, my problems are
everyday stuff in common and existing IPv4 networks..
So with a workload of 110% an IPv6 migration will make things better?
Won't guess ;)

 I love the --disable-ipv6 switch, please keep it working without
 this experiment, I guess there are many other fields to work on -
 with more relationship to real-life :o
 
 IPv6 is most relevant to real-life.
see above, which real life, sorry, I still havent any customer asking
for, that *is* real life.
Things are made by business and money - I don't like that though, I'd
rather prefer to get the time to migrate anyone I know to IPv6 but
thats not the truth of life..
As soon as an v4 /24 costs more than migrating a large network to v6,
I'd agree that it is real life

 Many of the problems we see in IPv6 deployments are caused exactly
 by this attitude - instead of *using* it and fixing the problems
 that are still left, disabling it and hoping that it won't be
 needed before personal retirement.  This won't get any of the
 issues fixed, and one day you'll find yourself in need of IPv6, and
 the problems are still there.

I understand your concerns and share them absolutely!
It was right after we met (many) years ago, I started v6 internally,
but honestly, I can only do this as a hobby (and I *do*) - for
production I have to make sure things work 24x7, my customers dont
care if I use v4, v6 or NetBEUI - if it works :p

And just to givean example: after upgrading to Windows 12.04 on my
Notebook last week, I had to disable v6 to make Wlanlan work
concurrently as it detected duplicated v6-IPs with the mac of the
wlan (no v6 active at all in this net) - there are still many things
broken.
On this Friday morning I just had to work, not chase v6-issues..
- - I'll file a bug for that surely (and first search 30min if it
doesn't exist already) but that takes some minutes to qualify that.

So, finally please understand also, that there is a 99,48%-world
besides v6 which has to work as it is.

Michael

P.S.: I promise to put up v6 again and report what I find, I just ask
to remind the latest point ;)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+lvNAACgkQaWRHV2kMuAJgKACgup/C4J+wyDh6loclYRyyyO2N
s8sAoIc3TFQkENInSRarqYBqLi1JBzL7
=Eg4i
-END PGP SIGNATURE-
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Jo-Philipp Wich]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 So, finally please understand also, that there is a 99,48%-world
 besides v6 which has to work as it is.

Finally, please understand that your IPv6 discussion in this thread is
pointless, off topic and and unproductive. It draws attention away from
the main objective, which is eliminating bottlenecks in the packet
processing path.

Neither has the proposed patch set anything to do with any
- --disable-ipv6 switch nor has it any implications on IPv6 security or
deployment scenarios.

If you have specific problems with IPv6 being enabled then feel free to
discuss it in a separate thread.

~ Jow
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+lvpAACgkQdputYINPTPMYuQCff/26OhJyiDodcEeg+aI0fGto
vT0Anj4QLjSdcGp5TU3kLkLCdfdzHRwE
=99oq
-END PGP SIGNATURE-
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Philip Prindeville]

On 4/30/12 12:34 PM, Felix Fietkau wrote:
 On 2012-04-30 8:11 PM, Dave Taht wrote:
 On Mon, Apr 30, 2012 at 10:26 AM, Felix Fietkau n...@openwrt.org wrote:

 I agree it would blow up the dcache and be worse than what exists by a lot.

 So, out of this conversation:

 1) It would be nice to not have this patch take effect on any but the
 ar71xx and ar91xx. As these share code in openwrt, doing it with a
 compile time define
 Right. For upstreaming parts of this stuff, this would definitely be
 necessary.
 
 2) IF there existed another brain damaged ethernet chip on some other
 arch, it would be worth coming up with a Kbuild option to enable
 defining __packed generically as part of the network stack for those
 arches. Something more
 pithy than

 #define F_ING_HW_ENGINEER_SAVED_PIN

 would be needed tho.

 #define UNALIGNED_ETHERNET

 perhaps.
 There could be a generic Kconfig variable which could be selected by CPU
 targets or ethernet drivers (with a dependency on
 !HAVE_EFFICIENT_UNALIGNED_ACCESS).
 That's cleaner than messing around with #define stuff manually.
 
 3) I don't like the tcp_hdr macro in general, but it looks like that
 is an obsolete part of the patch anyway, so I'll try ripping it out.

 4) get_unaligned_be32 seems like the right thing rather than
 get_unaligned_cpu32?
 Right.
 
 5) I THINK the 'if aligned, do assembly version' for the checksums is
 a win, but if item #2 is true, I'm not happy with the casts...

 @@ -105,6 +141,9 @@ static inline __sum16 ip_fast_csum(const void
 *iph, unsigned int ihl)
 unsigned int csum;
 int carry;

 +   if ((unsigned int) iph  3)
 +   return ip_fast_csum_unaligned(iph,ihl);
 +
 For casts from pointers to integers, the kernel typically uses unsigned
 long instead of unsigned int.
 
 - Felix

The kernel has a specific type for this:

include/linux/types.h:typedef unsigned long uintptr_t;


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Sun, 2012-04-22 at 14:48 -0700, Dave Täht wrote:
 
 + 
 +-#define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))-words [3]) 
 ++#define tcp_flag_word2(tp) ( ((union tcp_word_hdr *)(tp))-words [3])
 ++#define tcp_flag_word(tp) ( __get_unaligned_cpu32union tcp_word_hdr 
 *)(tp))-words [3])))

Ewww. And didn't you already make that union __packed anyway? 

 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
 +index 22ef5f9..bf3f773 100644
 +--- a/net/ipv4/tcp.c
  b/net/ipv4/tcp.c
 +@@ -2834,7 +2834,7 @@ found:
 + 
 +   p = *head;
 +   th2 = tcp_hdr(p);
 +-  tcp_flag_word(th2) |= flags  (TCP_FLAG_FIN | TCP_FLAG_PSH);
 ++  tcp_flag_word2(th2) = tcp_flag_word(th2) | flags  (TCP_FLAG_FIN | 
 TCP_FLAG_PSH);

net/ipv4/tcp.c: In function 'tcp_gro_receive':
net/ipv4/tcp.c:2837:82: warning: suggest parentheses around arithmetic in 
operand of '|' [-Wparentheses]

Have you posted these patches to the netdev list? And is the response
going to be just make sure your network devices are receiving packets
into sensibly-aligned buffers, and none of this is necessary?

There's a reason a lot of Ethernet drivers pad the start of their skb by
2 bytes before receiving the packet... 

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Dave Taht]

On Mon, Apr 30, 2012 at 3:49 AM, David Woodhouse dw...@infradead.org wrote:
 On Sun, 2012-04-22 at 14:48 -0700, Dave Täht wrote:


Thank you very much for the code review!

 +
 +-#define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))-words [3])
 ++#define tcp_flag_word2(tp) ( ((union tcp_word_hdr *)(tp))-words [3])
 ++#define tcp_flag_word(tp) ( __get_unaligned_cpu32union tcp_word_hdr 
 *)(tp))-words [3])))

 Ewww. And didn't you already make that union __packed anyway?

yes, ewww. I'll note that I don't like the define in the general case.
It is used both for assignment (once!) and for access , which is why
it got broken into two macros...


 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
 +index 22ef5f9..bf3f773 100644
 +--- a/net/ipv4/tcp.c
  b/net/ipv4/tcp.c
 +@@ -2834,7 +2834,7 @@ found:
 +
 +       p = *head;
 +       th2 = tcp_hdr(p);
 +-      tcp_flag_word(th2) |= flags  (TCP_FLAG_FIN | TCP_FLAG_PSH);
 ++      tcp_flag_word2(th2) = tcp_flag_word(th2) | flags  (TCP_FLAG_FIN | 
 TCP_FLAG_PSH);

 net/ipv4/tcp.c: In function 'tcp_gro_receive':
 net/ipv4/tcp.c:2837:82: warning: suggest parentheses around arithmetic in 
 operand of '|' [-Wparentheses]

 Have you posted these patches to the netdev list? And is the response
 going to be just make sure your network devices are receiving packets
 into sensibly-aligned buffers, and none of this is necessary?

Yes, that would be the answer I expect from the list.

There is no reason to try to push this stuff upstream.

 There's a reason a lot of Ethernet drivers pad the start of their skb by
 2 bytes before receiving the packet...

Tell it to however wired up this chip and shipped it in qty millions.
Actually that message was already received, successor chipsets from
this manufacturer did it up right.

I am somewhat forgiving in that. Compared to some arches I've worked
with the ar71xx is very solid. (for comparison, take the ep9302, where
a working toolchain didn't arrive until 2 years after the chip had
ceased production)

But this problem is a PITA, and as demonstrated, scribbling on these
core portions of the stack improves performance by an enormous amount.

 --
 dwmw2

 ___
 openwrt-devel mailing list
 openwrt-devel@lists.openwrt.org
 https://lists.openwrt.org/mailman/listinfo/openwrt-devel




-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.

So the real problem is that the ar71xx doesn't allow you to DMA to
addresses which aren't aligned to 4 bytes? Which network devices does
that restriction apply to? All of them?

Out of interest, have you done a performance comparison with just
*moving* the packet when it arrives?

If this really is needed to work around hardware limitations, I don't
see why *some* of it shouldn't be acceptable upstream. A config option
to add '__packed' to various structures is fairly harmless, for
example...

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Felix Fietkau]

On 2012-04-30 4:49 PM, David Woodhouse wrote:
 On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.
 
 So the real problem is that the ar71xx doesn't allow you to DMA to
 addresses which aren't aligned to 4 bytes? Which network devices does
 that restriction apply to? All of them?
AR71xx and AR91xx are affected, AR724x, AR933x, AR934x are unaffected.

 Out of interest, have you done a performance comparison with just
 *moving* the packet when it arrives?
I did some tests before I did the first unaligned hack patch, I don't
have the numbers anymore, but the results were horrible.

 If this really is needed to work around hardware limitations, I don't
 see why *some* of it shouldn't be acceptable upstream. A config option
 to add '__packed' to various structures is fairly harmless, for
 example...
Makes sense

- Felix
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Dave Taht]

On Mon, Apr 30, 2012 at 7:49 AM, David Woodhouse dw...@infradead.org wrote:
 On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.

 So the real problem is that the ar71xx doesn't allow you to DMA to
 addresses which aren't aligned to 4 bytes? Which network devices does
 that restriction apply to? All of them?


 Out of interest, have you done a performance comparison with just
 *moving* the packet when it arrives?

I did not. Felix did.



Fixing this issue has had a long, tortuous history...

this got tried and later backed out...

https://dev.openwrt.org/changeset/20892

- on ar724x, rx buffers can be aligned with an offset of 2, which
keeps the ip header aligned
- alignment offset is only added if the ar8216 workaround is not
active and the phy driver does not advertise its own packet alignment
- ar71xx and ar91xx can not handle rx alignment offsets, however
taking a hit on unaligned exceptions seems to have less overhead than
re-aligning the data for large packets
- use memmove to re-align small packets, if necessary

tested on ar9132, ar7240 and ar7242 based devices without ar8216 headers

Which got backed out here:

https://dev.openwrt.org/ticket/7236

So I'd certainly be willing to attempt realignment in the driver, and
sort of remember that it's like a one-liner to do nowadays...

but it is a 16 bit bus, and packets are dmaed, so getting the cpu
involved on every ethernet transfer strikes me as potentially very
bad.


 If this really is needed to work around hardware limitations, I don't
 see why *some* of it shouldn't be acceptable upstream. A config option
 to add '__packed' to various structures is fairly harmless, for
 example...

The __packed trick, so far as I know, is undefined gcc behavior. But, yea,
perhaps something more PC than this

#define F_ING_HW_ENGINEER_SAVED_A_PIN __packed


 --
 dwmw2



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Dave Taht]

On Mon, Apr 30, 2012 at 8:02 AM, Felix Fietkau n...@openwrt.org wrote:
 On 2012-04-30 4:49 PM, David Woodhouse wrote:
 On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.

 So the real problem is that the ar71xx doesn't allow you to DMA to
 addresses which aren't aligned to 4 bytes? Which network devices does
 that restriction apply to? All of them?
 AR71xx and AR91xx are affected, AR724x, AR933x, AR934x are unaffected.

I guess a long term issue is this patch needs to apply only to those arches,
somehow. It's silly to be hurtful to the successor arches.


 Out of interest, have you done a performance comparison with just
 *moving* the packet when it arrives?
 I did some tests before I did the first unaligned hack patch, I don't
 have the numbers anymore, but the results were horrible.

I'm still looking for the 'one liner to pass the driver to tell it to realign',
but was that the approach you were trying...


 If this really is needed to work around hardware limitations, I don't
 see why *some* of it shouldn't be acceptable upstream. A config option
 to add '__packed' to various structures is fairly harmless, for
 example...
 Makes sense

 - Felix



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Felix Fietkau]

On 2012-04-30 5:08 PM, Dave Taht wrote:
 On Mon, Apr 30, 2012 at 8:02 AM, Felix Fietkau n...@openwrt.org wrote:
 On 2012-04-30 4:49 PM, David Woodhouse wrote:
 On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.

 So the real problem is that the ar71xx doesn't allow you to DMA to
 addresses which aren't aligned to 4 bytes? Which network devices does
 that restriction apply to? All of them?
 AR71xx and AR91xx are affected, AR724x, AR933x, AR934x are unaffected.
 
 I guess a long term issue is this patch needs to apply only to those arches,
 somehow. It's silly to be hurtful to the successor arches.
 

 Out of interest, have you done a performance comparison with just
 *moving* the packet when it arrives?
 I did some tests before I did the first unaligned hack patch, I don't
 have the numbers anymore, but the results were horrible.
 
 I'm still looking for the 'one liner to pass the driver to tell it to 
 realign',
 but was that the approach you were trying...
I did test with such a one liner (or maybe it was a two liner), but I
didn't keep the patch.
I think it's quite normal that this approach is so much more expensive
than adding the unaligned access hacks. The main bottleneck on these
devices is the memory bus, and for normal traffic passed through the
device as a router, the CPU does not have to touch much of the payload
contents at all, since it's only touched by DMA.
Doing a memmove to re-align the packet contents blows the dcache
footprint out of proportion and significantly increases the amount of
unnecessary memory bus traffic.

- Felix
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Dave Taht]

On Mon, Apr 30, 2012 at 10:26 AM, Felix Fietkau n...@openwrt.org wrote:
 On 2012-04-30 5:08 PM, Dave Taht wrote:
 On Mon, Apr 30, 2012 at 8:02 AM, Felix Fietkau n...@openwrt.org wrote:
 On 2012-04-30 4:49 PM, David Woodhouse wrote:
 On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.

 So the real problem is that the ar71xx doesn't allow you to DMA to
 addresses which aren't aligned to 4 bytes? Which network devices does
 that restriction apply to? All of them?
 AR71xx and AR91xx are affected, AR724x, AR933x, AR934x are unaffected.

 I guess a long term issue is this patch needs to apply only to those arches,
 somehow. It's silly to be hurtful to the successor arches.


 Out of interest, have you done a performance comparison with just
 *moving* the packet when it arrives?
 I did some tests before I did the first unaligned hack patch, I don't
 have the numbers anymore, but the results were horrible.

 I'm still looking for the 'one liner to pass the driver to tell it to 
 realign',
 but was that the approach you were trying...
 I did test with such a one liner (or maybe it was a two liner), but I
 didn't keep the patch.
 I think it's quite normal that this approach is so much more expensive
 than adding the unaligned access hacks. The main bottleneck on these
 devices is the memory bus, and for normal traffic passed through the
 device as a router, the CPU does not have to touch much of the payload
 contents at all, since it's only touched by DMA.
 Doing a memmove to re-align the packet contents blows the dcache
 footprint out of proportion and significantly increases the amount of
 unnecessary memory bus traffic.

I agree it would blow up the dcache and be worse than what exists by a lot.

So, out of this conversation:

1) It would be nice to not have this patch take effect on any but the
ar71xx and ar91xx. As these share code in openwrt, doing it with a
compile time define

2) IF there existed another brain damaged ethernet chip on some other
arch, it would be worth coming up with a Kbuild option to enable
defining __packed generically as part of the network stack for those
arches. Something more
pithy than

#define F_ING_HW_ENGINEER_SAVED_PIN

would be needed tho.

#define UNALIGNED_ETHERNET

perhaps.

3) I don't like the tcp_hdr macro in general, but it looks like that
is an obsolete part of the patch anyway, so I'll try ripping it out.

4) get_unaligned_be32 seems like the right thing rather than
get_unaligned_cpu32?

5) I THINK the 'if aligned, do assembly version' for the checksums is
a win, but if item #2 is true, I'm not happy with the casts...

@@ -105,6 +141,9 @@ static inline __sum16 ip_fast_csum(const void
*iph, unsigned int ihl)
unsigned int csum;
int carry;

+   if ((unsigned int) iph  3)
+   return ip_fast_csum_unaligned(iph,ihl);
+


 - Felix



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Felix Fietkau]

On 2012-04-30 8:11 PM, Dave Taht wrote:
 On Mon, Apr 30, 2012 at 10:26 AM, Felix Fietkau n...@openwrt.org wrote:
 On 2012-04-30 5:08 PM, Dave Taht wrote:
 On Mon, Apr 30, 2012 at 8:02 AM, Felix Fietkau n...@openwrt.org wrote:
 On 2012-04-30 4:49 PM, David Woodhouse wrote:
 On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
 Tell it to however wired up this chip and shipped it in qty millions.
 Actually that message was already received, successor chipsets from
 this manufacturer did it up right.

 So the real problem is that the ar71xx doesn't allow you to DMA to
 addresses which aren't aligned to 4 bytes? Which network devices does
 that restriction apply to? All of them?
 AR71xx and AR91xx are affected, AR724x, AR933x, AR934x are unaffected.

 I guess a long term issue is this patch needs to apply only to those arches,
 somehow. It's silly to be hurtful to the successor arches.


 Out of interest, have you done a performance comparison with just
 *moving* the packet when it arrives?
 I did some tests before I did the first unaligned hack patch, I don't
 have the numbers anymore, but the results were horrible.

 I'm still looking for the 'one liner to pass the driver to tell it to 
 realign',
 but was that the approach you were trying...
 I did test with such a one liner (or maybe it was a two liner), but I
 didn't keep the patch.
 I think it's quite normal that this approach is so much more expensive
 than adding the unaligned access hacks. The main bottleneck on these
 devices is the memory bus, and for normal traffic passed through the
 device as a router, the CPU does not have to touch much of the payload
 contents at all, since it's only touched by DMA.
 Doing a memmove to re-align the packet contents blows the dcache
 footprint out of proportion and significantly increases the amount of
 unnecessary memory bus traffic.
 
 I agree it would blow up the dcache and be worse than what exists by a lot.
 
 So, out of this conversation:
 
 1) It would be nice to not have this patch take effect on any but the
 ar71xx and ar91xx. As these share code in openwrt, doing it with a
 compile time define
Right. For upstreaming parts of this stuff, this would definitely be
necessary.

 2) IF there existed another brain damaged ethernet chip on some other
 arch, it would be worth coming up with a Kbuild option to enable
 defining __packed generically as part of the network stack for those
 arches. Something more
 pithy than
 
 #define F_ING_HW_ENGINEER_SAVED_PIN
 
 would be needed tho.
 
 #define UNALIGNED_ETHERNET
 
 perhaps.
There could be a generic Kconfig variable which could be selected by CPU
targets or ethernet drivers (with a dependency on
!HAVE_EFFICIENT_UNALIGNED_ACCESS).
That's cleaner than messing around with #define stuff manually.

 3) I don't like the tcp_hdr macro in general, but it looks like that
 is an obsolete part of the patch anyway, so I'll try ripping it out.
 
 4) get_unaligned_be32 seems like the right thing rather than
 get_unaligned_cpu32?
Right.

 5) I THINK the 'if aligned, do assembly version' for the checksums is
 a win, but if item #2 is true, I'm not happy with the casts...
 
 @@ -105,6 +141,9 @@ static inline __sum16 ip_fast_csum(const void
 *iph, unsigned int ihl)
 unsigned int csum;
 int carry;
 
 +   if ((unsigned int) iph  3)
 +   return ip_fast_csum_unaligned(iph,ihl);
 +
For casts from pointers to integers, the kernel typically uses unsigned
long instead of unsigned int.

- Felix
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Mon, 2012-04-30 at 11:11 -0700, Dave Taht wrote:
 On Mon, Apr 30, 2012 at 10:26 AM, Felix Fietkau n...@openwrt.org wrote:
  On 2012-04-30 5:08 PM, Dave Taht wrote:
  On Mon, Apr 30, 2012 at 8:02 AM, Felix Fietkau n...@openwrt.org wrote:
  On 2012-04-30 4:49 PM, David Woodhouse wrote:
  On Mon, 2012-04-30 at 07:41 -0700, Dave Taht wrote:
  Tell it to however wired up this chip and shipped it in qty millions.
  Actually that message was already received, successor chipsets from
  this manufacturer did it up right.
 
  So the real problem is that the ar71xx doesn't allow you to DMA to
  addresses which aren't aligned to 4 bytes? Which network devices does
  that restriction apply to? All of them?
  AR71xx and AR91xx are affected, AR724x, AR933x, AR934x are unaffected.
 
  I guess a long term issue is this patch needs to apply only to those 
  arches,
  somehow. It's silly to be hurtful to the successor arches.
 
 
  Out of interest, have you done a performance comparison with just
  *moving* the packet when it arrives?
  I did some tests before I did the first unaligned hack patch, I don't
  have the numbers anymore, but the results were horrible.
 
  I'm still looking for the 'one liner to pass the driver to tell it to 
  realign',
  but was that the approach you were trying...
  I did test with such a one liner (or maybe it was a two liner), but I
  didn't keep the patch.
  I think it's quite normal that this approach is so much more expensive
  than adding the unaligned access hacks. The main bottleneck on these
  devices is the memory bus, and for normal traffic passed through the
  device as a router, the CPU does not have to touch much of the payload
  contents at all, since it's only touched by DMA.
  Doing a memmove to re-align the packet contents blows the dcache
  footprint out of proportion and significantly increases the amount of
  unnecessary memory bus traffic.
 
 I agree it would blow up the dcache and be worse than what exists by a lot.
 
 So, out of this conversation:
 
 1) It would be nice to not have this patch take effect on any but the
 ar71xx and ar91xx. As these share code in openwrt, doing it with a
 compile time define

This bothers me. It sounds like you don't even *care* about getting code
merged upstream. I know it's potentially hard in this case, but it
should still be the default mode.

A good start would be to have patches that aren't platform-specific, and
can be applied across the board.

 
 2) IF there existed another brain damaged ethernet chip on some other
 arch, 

There are certainly plenty of architectures where alignment traps are
very expensive, and a fair number of brain-damaged network devices that
can't ensure their packets end up suitably aligned, either. I think it's
sane enough to at least *try* talking to DaveM about a condition
'__packed' on the relevant structures, and a simple 'load __be32' and
'load __u32' operation that may or may not explicitly use unaligned
loads according to the same config option.

 it would be worth coming up with a Kbuild option to enable
 defining __packed generically as part of the network stack for those
 arches. Something more
 pithy than
 
 #define F_ING_HW_ENGINEER_SAVED_PIN
 
 would be needed tho.
 
 #define UNALIGNED_ETHERNET

Network, not Ethernet. But yeah, something like that.

 perhaps.
 
 3) I don't like the tcp_hdr macro in general, but it looks like that
 is an obsolete part of the patch anyway, so I'll try ripping it out.

Sounds good.

There are also a bunch of 16-bit loads that are being patched — is there
any point in that? Surely the packets are still aligned to *2* bytes?

This one looks suspicious too:

--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -17,7 +17,10 @@ static void iph_to_flow_copy_addrs(struct flow_keys *flow, co
nst struct iphdr *i
 {
BUILD_BUG_ON(offsetof(typeof(*flow), dst) !=
 offsetof(typeof(*flow), src) + sizeof(flow-src));
-   memcpy(flow-src, iph-saddr, sizeof(flow-src) + sizeof(flow-dst));
+   /*  memcpy(flow-src, iph-saddr, sizeof(flow-src) + 
sizeof(flow-dst)); */
+   flow-src = iph-saddr;
+   flow-dst = iph-daddr;
+
 }

 4) get_unaligned_be32 seems like the right thing rather than
 get_unaligned_cpu32?

In some cases, yes. I actually think you should define specific macros
which do each, and their behaviour is just a straight dereference if
CONFIG_NETWORK_UNALIGNED is not set.

 5) I THINK the 'if aligned, do assembly version' for the checksums is
 a win, but if item #2 is true, I'm not happy with the casts...
 
 @@ -105,6 +141,9 @@ static inline __sum16 ip_fast_csum(const void
 *iph, unsigned int ihl)
 unsigned int csum;
 int carry;
 
 +   if ((unsigned int) iph  3)
 +   return ip_fast_csum_unaligned(iph,ihl);
 +

At least that one is in MIPS-specific code, so it's easier to stomach.
But yeah, cast it to 'unsigned long'. And why not write an assembly
routine that copes with unaligned 

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Mon, 2012-04-30 at 20:34 +0200, Felix Fietkau wrote:
 There could be a generic Kconfig variable which could be selected by CPU
 targets or ethernet drivers (with a dependency on
 !HAVE_EFFICIENT_UNALIGNED_ACCESS).
 That's cleaner than messing around with #define stuff manually.

Don't just select it; you *might* have a crappy network driver that
can't insert padding to align its packets, but you might not care about
performance for that particular device — you might use it for a
low-traffic interface or something, or not use it at all.

It's a user choice, I think.

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Karl P]

On 04/30/2012 06:48 PM, David Woodhouse wrote:

On Mon, 2012-04-30 at 20:34 +0200, Felix Fietkau wrote:

There could be a generic Kconfig variable which could be selected by CPU
targets or ethernet drivers (with a dependency on
!HAVE_EFFICIENT_UNALIGNED_ACCESS).
That's cleaner than messing around with #define stuff manually.


Don't just select it; you *might* have a crappy network driver that
can't insert padding to align its packets, but you might not care about
performance for that particular device — you might use it for a
low-traffic interface or something, or not use it at all.

It's a user choice, I think.


As a user, I _never_ want to have to go and turn on the switch that says, make 
my device work as fast as it can


Is there any reason that I would _not_ want this?  Not caring about performance 
is not a good reason to not provide performance.


Cheers,
Karl P
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Mon, 2012-04-30 at 19:16 +, Karl P wrote:
 As a user, I _never_ want to have to go and turn on the switch that says, 
 make 
 my device work as fast as it can
 
 Is there any reason that I would _not_ want this?  

You may only have a printer, or something like that, attached to the
crappy Ethernet port. And hacking the entire network stack to load
integers byte-by-byte instead of doing 32-bit loads may have an adverse
effect on the performance of the decent interfaces that you *do* care
about.

Do we have numbers on how much the performance *decrease* is, for decent
network devices that *do* actually align their packets sanely?

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Sun, 2012-04-22 at 14:48 -0700, Dave Täht wrote:
 +--- a/net/ipv6/netfilter/ip6t_LOG.c
  b/net/ipv6/netfilter/ip6t_LOG.c
 +@@ -64,9 +64,9 @@ static void dump_packet(struct sbuff *m,
 +   /* Max length: 44 LEN=65535 TC=255 HOPLIMIT=255 FLOWLBL=F  */
 +   sb_add(m, LEN=%Zu TC=%u HOPLIMIT=%u FLOWLBL=%u ,
 +  ntohs(ih-payload_len) + sizeof(struct ipv6hdr),
 +- (ntohl(*(__be32 *)ih)  0x0ff0)  20,
 ++ (ntohl(__get_unaligned_cpu32((__be32 *)ih))  0x0ff0)  
 20,
 +  ih-hop_limit,
 +- (ntohl(*(__be32 *)ih)  0x000f));
 ++ (ntohl(__get_unaligned_cpu32((__be32 *)ih))  0x000f));


Surely that should be get_unaligned_be32()?

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Tue, 2012-04-24 at 00:51 +0200, Michael Markstaller wrote: 
 (I remember the IPv6-day last year, it was funny, even Google failed
 30-50%..)

That's an... interesting assertion that I've not heard before. Google's
own analysis was significantly different. They said:

We carried about 65% more IPv6 traffic than usual, saw no significant
issues and did not have to disable IPv6 access for any networks or
services.

And on the surface, the first global test of IPv6 passed without
incident.

http://googleblog.blogspot.co.uk/2011/06/world-ipv6-day-begins-24-hours-from-now.html

 Do you expect any DSL user or Soho-Admin which doesn't even understand
 what an (IPv4) Subnet-mask is to understand that..

Of course not. That's why we're working on stuff like PD so that it just
gets delegated by the ISP and all works automatically.

 a) It's a big security risk at first as noone really knows whats going
 on with IPv6 (at least on customer/user-side!)

With respect, that's complete crap. The security implications are
exactly the same with IPv6 as with Legacy IP. By *default* for the home
user, you want a connection-tracking firewall that allows outbound-only
connections.

Some people are naïve enough to think that NAT gives you some kind of
security. That's complete crap too. With ALGs automatically opening up
return paths, and with uPnP allowing you to open them willy-nilly,
allowing an inbound connection when you're behind NAT isn't *that* much
harder than just calling listen().

For Legacy IP, a decent connection-tracking firewall is perfectly
sufficient and arguably *better* than the false security of NAT. For
IPv6 it's just the same.

 So the first thing before even considering it, is the Firewall on the
 router (here: OpenWRT) should be at least as closed as for IPv4 with
 NAT by default. Is it? 

I *think* it is, but I'm not sure. I vaguely remember having to turn the
poxy thing off in order to get inbound connections working properly.

 That beams the Internet back to 1990, where you just trusted that the
 others won't do no harm anyway, the only current protection is IMHO
 that noone knows, how to exploit it..

No, this is also absolutely wrong. In 1990, servers and protocols
weren't really designed to cope with a malicious network. There was no
SSL. We used telnet, not SSH. And you could crash most boxes by sending
fragmented packets that added up to more than 64KiB.

In 1990, a firewall might have actually made *sense*.

These days, a huge proportion of devices are mobile (phones, laptops),
and will connect to arbitrary wireless networks when they're out and
about. They may well get an address which isn't firewalled from the
outside world (even if it has NAT, it probably still allows some
incoming connections), and which almost *certainly* isn't firewalled
from all the other untrusted machines on the same network.

If those devices are *really* stuck in the 1990s in every other respect,
and are only relying on a firewall as a band-aid to let them survive in
the 21st century, as you suggest, they they have already lost the game.

Thankfully, that just isn't the case. So no, you are absolutely wrong to
suggest that *if* we didn't have a firewall enabled by default, that
beams the Internet back to 1990.

Not that it's relevant anyway, because we *should* (and do?) have a
firewall enabled by default. It's a stupid band-aid to work around
broken software, and should never really be necessary in an ideal world
— but it's a fact of life that people expect it and in some rare cases,
if they're really stupid, intentionally rely on it.

 b) As you mentioned in later posts, it's a pain mixed with more pain,
 6to4, 6rd, causes timeouts, problems, troubles (how do I teach that my
 6 Cisco Border-Routers? oh well I could buy new ones with 8x RAM
 etc..)- which end-user wants them and - who pays for? Noone..

I'm not quite sure if you're making a serious point here or just
wittering. Yes, 6to4 is a bad way to provide IPv6 connectivity. So is
RFC1149. Your point?

I've been running IPv6 for years, and I still see *more* problems with
Legacy IP, for example morons filtering ICMP and breaking path MTU
discovery, than I ever do with IPv6. And often, IPv6 has allowed things
to keep working while Legacy IP is failing for some reason.

I strongly suspect that 8x RAM on the border routers is an exaggeration.
Do you have a reference for that figure?

 To find some conclusion at least for myself, as soon as deploying IPv6
 on End-Users is painless *and at least as secure as v4 with NAT* I'd
 think about to enable it - and happy to work on.

As long as we have that connection-tracking firewall, it *is* at least
as secure as Legacy IP.

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Brian J. Murrell]

On 12-04-23 06:51 PM, Michael Markstaller wrote:
 
 Agreed but lets get realisitic, my objectives (home, office 
 customers) are:
 1) security
 2) it works
 3) technically perfect

You forgot:

4) sustainable

Do you have children?  I suspect you don't.  Your lack of forward/future
thinking indicates that.  It's amazing how one's perspective of the
future changes when one starts thinking about the future of their
children rather than just their own present day happiness.

Likely you don't think we should be exploring alternative energies
either, right?  I mean why bother?  Gasoline is still flowing out of the
pumps today right?

 v6 only meets #3..

and #4, whereas IPv4 doesn't meet #4.

 a) It's a big security risk at first as noone really knows whats going
 on with IPv6 (at least on customer/user-side!)

It's no more of a security risk that IPv4 is.  Both are network
protocols that carry traffic to one's front-door so one ought to make
sure they have a good door lock.

b.



signature.asc
Description: OpenPGP digital signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Tue, 2012-04-24 at 07:04 -0400, Brian J. Murrell wrote:
 Do you have children?  I suspect you don't.  Your lack of
 forward/future thinking indicates that.  It's amazing how one's
 perspective of the future changes when one starts thinking about the
 future of their children rather than just their own present day
 happiness.

It's not even *forward* thinking. It's just plain *thinking* that's
lacking.

Legacy IP addresses are running out *now*. The last blocks have been
given out to the RIRs.

You might be able to connect a *client* in a half-arsed fashion using
NAT, and pretend that it's good enough. Millions already do, and they
try to paper over the various problems that NAT causes — with a
reasonable amount of success, even.

But what do you do about servers, and all kinds of other machines that
need to be accessible from the outside? 

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Emmanuel Deloget]

Le 24/04/2012 10:41, David Woodhouse a écrit :

On Tue, 2012-04-24 at 00:51 +0200, Michael Markstaller wrote:

a) It's a big security risk at first as noone really knows whats going
on with IPv6 (at least on customer/user-side!)


With respect, that's complete crap. The security implications are
exactly the same with IPv6 as with Legacy IP. By *default* for the home
user, you want a connection-tracking firewall that allows outbound-only
connections.


With respect too, allow me to throw my 2 cents on this specific point.

It seems you are still considering IPv6 as a protocol that will allow
you to communicate from one human controlled device to another human
controlled device (for a large definition of human controlled device:
web sites, routers, ...). But the target of IPv6 is machine-to-machine
communication. The human factor is limited to the high end spectrum of
IPv6 use - i.e. most situations where we're using IPv4.

Of course, personnal setups are not really an issue here, because you'll
not be a very interesting target. But companies, with more and more IP
devices, will have some difficulties to cope with the security issues
that will necessarily arise.

Consider this - not that far fetched - setup:

* 10,000 IPv6-addressable light bulbs, each of them controlled by a
  specialized SoC ; of course, you access the device using a wave-based
  connection (probably 802.15.4 or a ZigBee-based protocol in this case).
  Each batch of 1000 light bulb comes from a different vendor. That means
  you have at least 10 different light bulb vendors, each one with their
  own weaknesses.

* each light bulb runs a simple RT OS, and provide telnet access (because
  ssh is just too heavy for light bulbs).

If you have any security issue on any one of the 100 light bulb vendor
then you put your network infrastructure at risk.

When I say that this is not far fetched, I really mean it. ZigBee is
already avalaible on SoCs [1], and those SoCs are cheaper and cheaper.
A day will come where it will be of interest to use these SoCs to
provide connectivity on devices you don't even imagine yet (coffee
machines, light bulbs, emergency panels, alarm captors... name it, put
a SoC on it, and I can assure you that you'll find some commercial
interest in doing so).

Theory makes IPv6 attractive. But - as everything - the devil is in the
details. Regarding IPv6, our first reflexion tells us hey, that will
resolve an issue! good thing!. Problems are that many more will be
created, and we tend to forgot those. We have a duty to challenge our
assumptions: what looks better doesn't mean it's better. As of today,
IPv6 looks better, but there are tons of issues to resolve before we
can put it on production. Remember that the first IPv6 RFC is 14 years
old. From 1998 to today, most RFC dealt with resolving protocol issues
that certainly makes IPv6 better than IPv4 but that didn't exist in
IPv4 - and since IPv4 works, why one would change?

(I'm hearing a comment from the back of the room: IPv4 public address
space is full; well, not exactly: public IPv4 addresses have been
allocated by IANA to regional registrars. These registrars are still
selling IPv4 addresses to their customers - and these customers (mostly
ISP) also have a pool of still unallocated addresses - not to mention
that some organizations are making big bucks by reselling unused IPs.
There is no evidence that a pure B2B or B2C market will deplete the
IPv4 address space any time soon. The only problem with the IPv4 address
space is that it's too small for M2M communication.


Some people are naïve enough to think that NAT gives you some kind of
security. That's complete crap too.


Of course it does. Even if it's not the primary goal of NAT, it isolates
your network from the outside - not because you want to isolate it, but
because you cannot affort to spend hundreds of public IPv4 on your
corporate network. Security is not tied to NAT but still comes as a
by-product of NAT. The fact that you can punch through is what makes
NATing insufficient - but one things remain: from the outside, you
can't know what are the machine inside unless you enter. That's the
difference between being naked in your bathroom and being naked in a
public area. Sure, being naked in your bathroom doesn't mean that nobody
sees you - but to do so one must at least have a direct view on your
bathroom.

You may not agree with me, but I believe that hiding information from
a potential threat is better that providing these information. The
reason why I believe this is quite simple: unless you can assure me
that there is no bug on a specific platform, I cannot be sure that noone
will find any entry point to gain unauthorized access to this platform.
If you can prove me that the platform is 100% secure, then NATing the
platform doesn't make much sense if I can give it a public address.

This is a case of privacy helps security (a.k.a. security
by obscurity) that works (*). Unless you take control of one of 

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Dave Taht]

Would it be too much to ask for those expending time on this debate,
to expend a little extra time doing some code review and testing this
patch?

Or, like while the flames are being composed, merely sending data through it?

This particular patch improves ipv4 by over 10% especially when used
with the sfq and sfqred qdiscs, fixes encapsulation for ipsec (both
ipv4 and ipv6), and yes, more than doubles ipv6 performance on the
ag71xx.

Although simple in outline, it is pretty invasive into core bits of
the kernel. I wish it wasn't, but the alternatives (have the driver
rebuffer misaligned packets) were far worse for performance, and the
final patch isn't all that big.

I agree with felix's suggestion to not let __packed leak out of the
kernel headers, and will respin the patch for that. I'm dubious that
the check alignment and branch is actually all that useful in the ipv6
checksum code, too, on an arch with a small cache.

And I'm still trying to track down the last causes of traps in the
routing path, and several other ipv6 and ipv4 related bugs. I'm pretty
sure that the traps in the routing path have caused many a tcp reset
for me over the last year, under load.

http://www.bufferbloat.net/projects/cerowrt/issues/371

http://www.bufferbloat.net/projects/cerowrt/issues

http://www.bufferbloat.net/projects/cerowrt/issues/360


-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Gert Doering]

Hi,

On Tue, Apr 24, 2012 at 03:23:50PM +0200, Emmanuel Deloget wrote:
 There is no evidence that a pure B2B or B2C market will deplete the
 IPv4 address space any time soon. The only problem with the IPv4 address
 space is that it's too small for M2M communication.

Asia-PAC has *already* run out of IPv4 addresses at the RIR (APNIC)
in May 2011, and the first Telcos are *already* not giving their customers
IPv4 addresses anymore.  RIPE land (Europe and near East) will run
out approximately in August, and the first large-scale carriers are
already buying and deploying carrier-grade NAT44 boxes to work around 
IPv4 shortage.

I'm perfectly fine with people not liking IPv6 for a number of reasons
(I have my own list), but this isn't going to change the numbers.  
7 billion humans on earth, 4 billion IPv4 addresses - whatever we do, it 
will just delay the inevitable (rearranging deck chairs on the titanic).

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpHSrElN8MPL.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Gert Doering]

Hi,

On Mon, Apr 23, 2012 at 01:49:18AM +0200, Michael Markstaller wrote:
 Appreciate your work really but just my 5ct: noone needs IPv6 if not in
 search for troubles or many new (security)-problems.

Welcome to the 21st century.  

There are ISPs in Asia today(!) that *will* *not* give you an IPv4 address,
because they have none left.

 I love the --disable-ipv6 switch, please keep it working without this
 experiment, I guess there are many other fields to work on - with more
 relationship to real-life :o

IPv6 is most relevant to real-life.  

Many of the problems we see in IPv6 deployments are caused exactly by 
this attitude - instead of *using* it and fixing the problems that are 
still left, disabling it and hoping that it won't be needed before 
personal retirement.  This won't get any of the issues fixed, and one
day you'll find yourself in need of IPv6, and the problems are still
there.

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpGLg8CjygRJ.pgp
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Michael Markstaller]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

though really OT, its a really important point for a Router-Distro
as which I love OpenWRT; so I'd want to explain my point.
And I also read the RIPE-lists where I often have to swallow *not* to
respond to all those IPv6-hurrays which arent present in real world IMHO..

First of all, don't get me wrong, I'm technically not against IPv6,
we're even offering it for customers (without any extra-price on top)
it's just a fact that 0,000% ever asked for (or would pay a cent more
for having it), because 100% are running v4..

Am 23.04.2012 11:26, schrieb Gert Doering:
 There are ISPs in Asia today(!) that *will* *not* give you an IPv4
 address, because they have none left.
Ok, but I have over 10 sites far east with IPv4 running.. not
representative/much but well, it works right herenow.
And I'm sure they have some measures to reach 99% of the Internet on
this planet through IPv4.. (I remember the IPv6-day last year, it was
funny, even Google failed 30-50%..)
OTOH, none of my upstreams gives me native IPv6, only tunnel-crap at
best (I won't name them, AS42283 for anyone who could Google/read BGP..)
So give me one reason to change Upstream, make me 2 weeks of work and
maybe pay more, just to be able to participate in this big experiment.

 IPv6 is most relevant to real-life.
I came along without so far ;) Though, again, I could have it running,
just don't want as I see no need and many risks/problems..

 Many of the problems we see in IPv6 deployments are caused exactly
 by this attitude
Agreed but lets get realisitic, my objectives (home, office 
customers) are:
1) security
2) it works
3) technically perfect

v6 only meets #3..

Do you expect any DSL user or Soho-Admin which doesn't even understand
what an (IPv4) Subnet-mask is to understand that..

a) It's a big security risk at first as noone really knows whats going
on with IPv6 (at least on customer/user-side!)
So the first thing before even considering it, is the Firewall on the
router (here: OpenWRT) should be at least as closed as for IPv4 with
NAT by default. Is it? Or whats happens if John Doe gets assigned a
/64 or John Does Company a /48?
Anyone on this planet could Airplay in her/his home, funny :p
They are at first widely open, with current OS's having IPv6 happily
enabled by default. Thats IMHO a real problem.. I spend more time
telling my customers what this really means than why they need v6
sometime in future..

That beams the Internet back to 1990, where you just trusted that the
others won't do no harm anyway, the only current protection is IMHO
that noone knows, how to exploit it..

b) As you mentioned in later posts, it's a pain mixed with more pain,
6to4, 6rd, causes timeouts, problems, troubles (how do I teach that my
6 Cisco Border-Routers? oh well I could buy new ones with 8x RAM
etc..)- which end-user wants them and - who pays for? Noone..

To find some conclusion at least for myself, as soon as deploying IPv6
on End-Users is painless *and at least as secure as v4 with NAT* I'd
think about to enable it - and happy to work on.
But really, currently I dont see this on the horizon.

Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+V3O0ACgkQaWRHV2kMuAJo8wCfW8NxeKWuO1TLf+uCcMX9M0WV
It4AoKaSiswc9vLWuQaGbanOWpojq7Bg
=FrSy
-END PGP SIGNATURE-
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Dave Taht]

On Sun, Apr 22, 2012 at 2:48 PM, Dave Täht dave.t...@bufferbloat.net wrote:
 This updates the existing unaligned_access_hacks patch to
 reduce unalignment traps to nearly zero for ipv4 and ipv6,
 in the normal path, in encapsulation, for native apps,
 and in the qdiscs.

While I have tested these patches for several days now,
I have not tested them in the default openwrt 'bridged' environment,
and they could use more testing as well as a better
before/after comparison for ipv4 and ipv6 performance
vs a vs wireless.

Certainly they won big on ipv6...

If you prefer patches free of being mangled by email, see:

http://huchra.bufferbloat.net/~d/for_openwrt/



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[David Woodhouse]

On Mon, 2012-04-23 at 02:22 +0200, Michael Markstaller wrote:
 Am 23.04.2012 01:52, schrieb Dave Taht:
  It should keep working with the --disable-ipv6 switch.
 
 That sounds good ;)
 Again: I appreciate your work from a technical point of view, also
 understand this might be good at some point in (far) future but I'm
 struggling more to get a stableperformant AP with 802.11n/IPv4 right
 now ;)
 I know this is OT, so please take this just as my 5ct..

Have you just fallen through a timewarp from some time in the 20th
century?

Here in the 21st century, Legacy IP addresses are running out.

-- 
dwmw2


smime.p7s
Description: S/MIME cryptographic signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/2] Comprehensive ipv4 and ipv6 unaligned access patch for ar71xx

[Michael Markstaller]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 Here in the 21st century, Legacy IP addresses are running out.

Really, where ? :p
This story is told for 10yrs now..

And if, lets get get back some /8 from someone using them for 500
hosts instead of NAT and we're off for pretty some time..

Michael
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+UpXEACgkQaWRHV2kMuAIq5wCdFuj+d+WvAdPDA71H3SzOKe9y
aOcAniEc/0u6N8n0U2Xg+njTHtvtBfNF
=Nk8t
-END PGP SIGNATURE-
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel