linux/include/net/protocol.h, branch v3.6 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.6 2012-07-26T22:50:39Z ipv6: Early TCP socket demux 2012-07-26T22:50:39Z Eric Dumazet edumazet@google.com 2012-07-26T12:18:11Z urn:sha1:c7109986db3c945f50ceed884a30e0fd8af3b89b This is the IPv6 missing bits for infrastructure added in commit 41063e9dd1195 (ipv4: Early TCP socket demux.) Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> ipv4: Kill early demux method return value. 2012-06-28T05:01:22Z David S. Miller davem@davemloft.net 2012-06-28T05:01:22Z urn:sha1:160eb5a6b14ca2eab5c598bdbbb24c24624bad34 It's completely unnecessary. Signed-off-by: David S. Miller <davem@davemloft.net> Revert "ipv4: tcp: dont cache unconfirmed intput dst" 2012-06-28T00:05:06Z David S. Miller davem@davemloft.net 2012-06-28T00:05:06Z urn:sha1:c10237e077cef50e925f052e49f3b4fead9d71f9 This reverts commit c074da2810c118b3812f32d6754bd9ead2f169e7. This change has several unwanted side effects: 1) Sockets will cache the DST_NOCACHE route in sk->sk_rx_dst and we'll thus never create a real cached route. 2) All TCP traffic will use DST_NOCACHE and never use the routing cache at all. Signed-off-by: David S. Miller <davem@davemloft.net> ipv4: tcp: dont cache unconfirmed intput dst 2012-06-27T22:34:24Z Eric Dumazet edumazet@google.com 2012-06-26T23:14:15Z urn:sha1:c074da2810c118b3812f32d6754bd9ead2f169e7 DDOS synflood attacks hit badly IP route cache. On typical machines, this cache is allowed to hold up to 8 Millions dst entries, 256 bytes for each, for a total of 2GB of memory. rt_garbage_collect() triggers and tries to cleanup things. Eventually route cache is disabled but machine is under fire and might OOM and crash. This patch exploits the new TCP early demux, to set a nocache boolean in case incoming TCP frame is for a not yet ESTABLISHED or TIMEWAIT socket. This 'nocache' boolean is then used in case dst entry is not found in route cache, to create an unhashed dst entry (DST_NOCACHE) SYN-cookie-ACK sent use a similar mechanism (ipv4: tcp: dont cache output dst for syncookies), so after this patch, a machine is able to absorb a DDOS synflood attack without polluting its IP route cache. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net> ipv4: Early TCP socket demux. 2012-06-20T04:22:05Z David S. Miller davem@davemloft.net 2012-06-20T04:22:05Z urn:sha1:41063e9dd11956f2d285e12e4342e1d232ba0ea2 Input packet processing for local sockets involves two major demuxes. One for the route and one for the socket. But we can optimize this down to one demux for certain kinds of local sockets. Currently we only do this for established TCP sockets, but it could at least in theory be expanded to other kinds of connections. If a TCP socket is established then it's identity is fully specified. This means that whatever input route was used during the three-way handshake must work equally well for the rest of the connection since the keys will not change. Once we move to established state, we cache the receive packet's input route to use later. Like the existing cached route in sk->sk_dst_cache used for output packets, we have to check for route invalidations using dst->obsolete and dst->ops->check(). Early demux occurs outside of a socket locked section, so when a route invalidation occurs we defer the fixup of sk->sk_rx_dst until we are actually inside of established state packet processing and thus have the socket locked. Signed-off-by: David S. Miller <davem@davemloft.net> inet: Sanitize inet{,6} protocol demux. 2012-06-20T01:56:21Z David S. Miller davem@davemloft.net 2012-06-20T01:56:21Z urn:sha1:f9242b6b28d61295f2bf7e8adfb1060b382e5381 Don't pretend that inet_protos[] and inet6_protos[] are hashes, thay are just a straight arrays. Remove all unnecessary hash masking. Document MAX_INET_PROTOS. Use RAW_HTABLE_SIZE when appropriate. Reported-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net> net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11T23:25:16Z Eric Dumazet eric.dumazet@gmail.com 2011-12-10T09:48:31Z urn:sha1:dfd56b8b38fff3586f36232db58e1e9f7885a605 Instead of testing defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> net: introduce and use netdev_features_t for device features sets 2011-11-16T22:43:10Z Michał Mirosław mirq-linux@rere.qmqm.pl 2011-11-15T15:29:55Z urn:sha1:c8f44affb7244f2ac3e703cab13d55ede27621bb v2: add couple missing conversions in drivers split unexporting netdev_fix_features() implemented %pNF convert sock::sk_route_(no?)caps Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: David S. Miller <davem@davemloft.net> net: change netdev->features to u32 2011-01-24T23:32:47Z Michał Mirosław mirq-linux@rere.qmqm.pl 2011-01-24T23:32:47Z urn:sha1:04ed3e741d0f133e02bed7fa5c98edba128f90e7 Quoting Ben Hutchings: we presumably won't be defining features that can only be enabled on 64-bit architectures. Occurences found by `grep -r` on net/, drivers/net, include/ [ Move features and vlan_features next to each other in struct netdev, as per Eric Dumazet's suggestion -DaveM ] Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl> Signed-off-by: David S. Miller <davem@davemloft.net> net: add __rcu annotations to protocol 2010-10-27T18:37:31Z Eric Dumazet eric.dumazet@gmail.com 2010-10-25T21:02:28Z urn:sha1:e0ad61ec867fdd262804afa7a68e11fc9930c2b9 Add __rcu annotations to : struct net_protocol *inet_protos struct net_protocol *inet6_protos And use appropriate casts to reduce sparse warnings if CONFIG_SPARSE_RCU_POINTER=y Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>