[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Mon, 01 Oct 2007 22:10:03 +0200
From: Eric Dumazet <dada1@...mosbay.com>
To: Denys <nuclearcat@...learcat.com>,
"David S. Miller" <davem@...emloft.net>
Subject: Re: 2.6.21 -> 2.6.22 & 2.6.23-rc8 performance regression
So maybe the following patch is necessary...
I believe IPV6 & DCCP are immune to this problem.
Thanks again Denys for spotting this.
Eric
[PATCH] TCP : secure_tcp_sequence_number() should not use a too fast clock
TCP V4 sequence numbers are 32bits, and RFC 793 assumed a 250 KHz clock.
In order to follow network speed increase, we can use a faster clock, but
we should limit this clock so that the delay between two rollovers is
greater than MSL (TCP Maximum Segment Lifetime : 2 minutes)
Choosing a 64 nsec clock should be OK, since the rollovers occur every
274 seconds.
Problem spotted by Denys Fedoryshchenko
Signed-off-by: Eric Dumazet <dada1@...mosbay.com>
--- linux-2.6.22/drivers/char/random.c 2007-10-01 10:18:42.000000000 +0200
+++ linux-2.6.22-ed/drivers/char/random.c 2007-10-01 21:47:58.000000000 +0200
@@ -1550,11 +1550,13 @@ __u32 secure_tcp_sequence_number(__be32
* As close as possible to RFC 793, which
* suggests using a 250 kHz clock.
* Further reading shows this assumes 2 Mb/s networks.
- * For 10 Gb/s Ethernet, a 1 GHz clock is appropriate.
- * That's funny, Linux has one built in! Use it!
- * (Networks are faster now - should this be increased?)
+ * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
+ * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
+ * we also need to limit the resolution so that the u32 seq
+ * overlaps less than one time per MSL (2 minutes).
+ * Choosing a clock of 64 ns period is OK. (period of 274 s)
*/
- seq += ktime_get_real().tv64;
+ seq += ktime_get_real().tv64 >> 6;
#if 0
printk("init_seq(%lx, %lx, %d, %d) = %d\n",
saddr, daddr, sport, dport, seq);
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux