Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2517551pxj;
        Mon, 31 May 2021 04:21:36 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwStHQPqtn6pZuClh+dwmXzmnpgqbqtIBY/5yUuDbS86TZL7f0FII9YsDwXpNswg9EZdDNc
X-Received: by 2002:a02:5142:: with SMTP id s63mr19756591jaa.82.1622460096157;
        Mon, 31 May 2021 04:21:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1622460096; cv=none;
        d=google.com; s=arc-20160816;
        b=pN2//7iaRTlwCckvGLDPoaUvzXhkYZZcXO/ZWIQYRuG/OEE/lOEEojR8JW4ppDdH2l
         DNTaMWC4vIxS9cFe5TB7kvkCQtr+jUEBAfqLdouf6zBndCr8yTsrGXNASWG0rNsxA4OL
         JRPcxbkXreRfDYT9nRdDheMqp5zSKfehui+RONBtX+660MKHbrXbG7uGA/xvojyTcPgj
         USNhEYw2NrngSCXvag/640O5xuE2m+E10+dIsBYoA9n0yasvJpTxPSzjmWpjT+GFOSo1
         WIlsxUXgctryTUAZ8IF8qBW2LzLPf4YwVw5o96QrnUgRvKE0e0Df7Lj2b7CqxScelKtS
         6yAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=OS17mbFb2oo45TIWT3My42OpjNutIFYsC3g0Kb3uvgU=;
        b=d+DDlt7wv6ck/WpHZqXDaWlKw6TGkxKrSF1+W+YYfgWa40C5JuRjfa9EG12X+mYlhx
         9oPezIHtaR7EriBZXMIgPFsOe6Yhz08Uqo6itt/oQQy0cua7pxdJ1kCFk+RQrmoZ5iM4
         s7K67CigyBPsZoBJidFydfwidfSs6s8gUwQwAMVxMdXeoxzdpEbF+ZW6tXqVwTRrcP3i
         YfWtOrGvFNXwF6XlVnuuGKCJdRqYKsGLrOL9if621lcWbVRGB9mj6zgVI863QvDChoBD
         efKjsGuqkTb38whdgCZ8v29/OSjVTGMfEvFFzrGUVubdGWl7jcTPzJ9C40IXyYx+Jg8w
         73aA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id y15si14932763ill.101.2021.05.31.04.21.22;
        Mon, 31 May 2021 04:21:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231409AbhEaLWU (ORCPT <rfc822;luke.ovalle@gmail.com>
        + 99 others); Mon, 31 May 2021 07:22:20 -0400
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:55441 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S230521AbhEaLWR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 31 May 2021 07:22:17 -0400
Received: (from willy@localhost)
        by pcw.home.local (8.15.2/8.15.2/Submit) id 14VBJfc3009627;
        Mon, 31 May 2021 13:19:41 +0200
Date:   Mon, 31 May 2021 13:19:40 +0200
From:   Willy Tarreau <w@1wt.eu>
To:     David Laight <David.Laight@aculab.com>
Cc:     "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        David Miller <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        Amit Klein <aksecurity@gmail.com>,
        Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH net-next] ipv6: use prandom_u32() for ID generation
Message-ID: <20210531111940.GA9609@1wt.eu>
References: <20210529110746.6796-1-w@1wt.eu>
 <e4cc31c1fead46b3aa1132937a720da2@AcuMS.aculab.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <e4cc31c1fead46b3aa1132937a720da2@AcuMS.aculab.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 31, 2021 at 10:41:18AM +0000, David Laight wrote:
> The problem is that, on average, 1 in 2^32 packets will use
> the same id as the previous one.
> If a fragment of such a pair gets lost horrid things are
> likely to happen.
> Note that this is different from an ID being reused after a
> count of packets or after a time delay.

I'm well aware of this, as this is something we discussed already
for IPv4 and which I objected to for the same reason (except that
it's 1/2^16 there).

With that said, the differences with IPv4 are significant here,
because you won't fragment below 1280 bytes per packet, which
means the issue could happen every 5 terabytes of fragmented
losses (or reorders). I'd say that in the worst case you're
using load-balanced links with some funny LB algorithm that
ensures that every second fragment is sent on the same link
as the previous packet's first fragment. This is the case where
you could provoke a failure every 5 TB. But then you're still
subject to UDP's 16-bit checksumm so in practice you're seeing
a failure every 320 PB. Finally it's the same probability as
getting both TCP csum + Ethernet CRC correct on a failure,
except that here it applies only to large fragments while with
TCP/eth it applies to any packet.

> So you still need something to ensure IDs aren't reused immediately.

That's what I initially did for IPv4 but Amit could exploit this
specific property. For example it makes it easier to count flows
behind NAT when there is a guaranteed distance :-/  We even tried
with a smooth, non-linear distribution, but that made no difference,
it remained observable.

Another idea we had in mind was to keep small increments for local
networks and use full randoms only over routers (since fragments
are rare and terribly unreliable on the net), but that would involve
quite significant changes for very little benefit compared to the
current option in the end.

Regards,
Willy