netinet: Generate a random RSS key on boot.
Submitted by: Neel Chauhan <neel AT neelc DOT org>
Authored by neel_neelc.org on May 24 2020, 8:58 PM.
I have a vague memory, maybe wrong, that commonly used fixed RSS keys were selected because they had some property (-ies).
I believe Linux just uses random keys:
However, DPDK uses something called "MAXIMALLY EQUIDISTRIBUTED COMBINED LFSR GENERATORS" (paper: https://www.ams.org/journals/mcom/1999-68-225/S0025-5718-99-01039-X/S0025-5718-99-01039-X.pdf):
I remember there was some concern in the past where there were very bad RSS key choices out there. Is there a reason for actually pushing for a random RSS key?
I stuck with the Microsoft RSS key (and a symmetric RSS key at Norse) specifically so there wouldn't be boot-to-boot variation in traffic patterns when doing testing/evaluation.
At Stormshield we are using a similar hand-made patch, so I can give you some feedback about this feature.
We support symmetric and non-symmetric static or random RSS keys, using the following sysctls:
We were also forced to add a reseed sysctl proc after noticing that the initial entropy is too low during RSS key init, and we call it after boot just before loading our network kernel modules. Before this we had some products that were using RSS keys that failed to provide proper distribution of packets. This change was made before we started using the initial entropy feature of the loader, so I am not sure if it is still relevant.
If some of you have interest, I can share our patch (in private), which only supports the rss_getkey() API and not all the other rss_xxx functions, as we are not using them in our codebase.
Damien for Stormshield.