Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.8 2012-07-30T21:53:21Z 2012-07-30T21:53:21Z Eric Dumazet edumazet@google.com 2012-07-29T21:06:13Z urn:sha1:cca32e4bf999a34ac08d959f351f2b30bcd02460 early_demux() handlers should be called in RCU context, and as we use skb_dst_set_noref(skb, dst), caller must not exit from RCU context before dst use (skb_dst(skb)) or release (skb_drop(dst)) Therefore, rcu_read_lock()/rcu_read_unlock() pairs around ->early_demux() are confusing and not needed : Protocol handlers are already in an RCU read lock section. (__netif_receive_skb() does the rcu_read_lock() ) Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-26T22:50:39Z Eric Dumazet edumazet@google.com 2012-07-26T12:18:11Z urn:sha1:c7109986db3c945f50ceed884a30e0fd8af3b89b This is the IPv6 missing bits for infrastructure added in commit 41063e9dd1195 (ipv4: Early TCP socket demux.) Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-26T22:50:39Z David S. Miller davem@davemloft.net 2012-07-26T11:14:38Z urn:sha1:c6cffba4ffa26a8ffacd0bb9f3144e34f20da7de With the routing cache removal we lost the "noref" code paths on input, and this can kill some routing workloads. Reinstate the noref path when we hit a cached route in the FIB nexthops. With help from Eric Dumazet. Reported-by: Alexander Duyck <alexander.duyck@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-24T20:54:15Z Eric Dumazet edumazet@google.com 2012-07-24T01:19:31Z urn:sha1:9cb429d692b341e972b12e6cd097364050ebbb26 1) Remove a non needed pskb_may_pull() in tcp_v4_early_demux() and fix a potential bug if skb->head was reallocated (iph & th pointers were not reloaded) TCP stack will pull/check headers anyway. 2) must reload iph in ip_rcv_finish() after early_demux() call since skb->head might have changed. 3) skb->dev->ifindex can be now replaced by skb->skb_iif Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-07-20T20:30:59Z David Miller davem@davemloft.net 2012-07-01T02:02:53Z urn:sha1:38a424e4657462fe9f8b76f01a0e879abde99ab4 The "noref" argument to ip_route_input_common() is now always ignored because we do not cache routes, and in that case we must always grab a reference to the resulting 'dst'. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-06-28T05:01:22Z David S. Miller davem@davemloft.net 2012-06-28T05:01:22Z urn:sha1:160eb5a6b14ca2eab5c598bdbbb24c24624bad34 It's completely unnecessary. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-06-28T00:05:06Z David S. Miller davem@davemloft.net 2012-06-28T00:05:06Z urn:sha1:c10237e077cef50e925f052e49f3b4fead9d71f9 This reverts commit c074da2810c118b3812f32d6754bd9ead2f169e7. This change has several unwanted side effects: 1) Sockets will cache the DST_NOCACHE route in sk->sk_rx_dst and we'll thus never create a real cached route. 2) All TCP traffic will use DST_NOCACHE and never use the routing cache at all. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-06-27T22:34:24Z Eric Dumazet edumazet@google.com 2012-06-26T23:14:15Z urn:sha1:c074da2810c118b3812f32d6754bd9ead2f169e7 DDOS synflood attacks hit badly IP route cache. On typical machines, this cache is allowed to hold up to 8 Millions dst entries, 256 bytes for each, for a total of 2GB of memory. rt_garbage_collect() triggers and tries to cleanup things. Eventually route cache is disabled but machine is under fire and might OOM and crash. This patch exploits the new TCP early demux, to set a nocache boolean in case incoming TCP frame is for a not yet ESTABLISHED or TIMEWAIT socket. This 'nocache' boolean is then used in case dst entry is not found in route cache, to create an unhashed dst entry (DST_NOCACHE) SYN-cookie-ACK sent use a similar mechanism (ipv4: tcp: dont cache output dst for syncookies), so after this patch, a machine is able to absorb a DDOS synflood attack without polluting its IP route cache. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-06-26T23:27:09Z David S. Miller davem@davemloft.net 2012-06-26T23:27:09Z urn:sha1:251da4130115b29403a57096fa0988249f31fc55 And account for the fact that, when we are not forwarding, we should bump statistic counters rather than emit an ICMP response. RP-filter rejected lookups are still not cached. Since -EHOSTUNREACH and -ENETUNREACH can now no longer be seen in ip_rcv_finish(), remove those checks. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-06-23T00:11:13Z Alexander Duyck alexander.h.duyck@intel.com 2012-06-21T13:58:31Z urn:sha1:6648bd7e0e62c0c8c03b15e00c9e7015e232feff This change is meant to add a control for disabling early socket demux. The main motivation behind this patch is to provide an option to disable the feature as it adds an additional cost to routing that reduces overall throughput by up to 5%. For example one of my systems went from 12.1Mpps to 11.6 after the early socket demux was added. It looks like the reason for the regression is that we are now having to perform two lookups, first the one for an established socket, and then the one for the routing table. By adding this patch and toggling the value for ip_early_demux to 0 I am able to get back to the 12.1Mpps I was previously seeing. [ Move local variables in ip_rcv_finish() down into the basic block in which they are actually used. -DaveM ] Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>