| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Jun 2012 10:23:04 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH] ipv4: Remove unnecessary code from rt_check_expire(). On Tue, 2012-06-26 at 00:46 -0700, David Miller wrote: > And for legitimate traffic it's completely the wrong thing to do. > > There is absolutely zero reason to pure valid entries when hash chains > average length of one. > > I've been monitoring routing cache activity, and it's the height of > stupidity. Every 5 minutes we pure, and then they all get regenerated > again. > Thats because gc_interval (60) is big compared to ip_rt_gc_timeout (300) So each time rt_check_expire() triggers, we handle a big part of the cache. On big servers I had to lower gc_interval to smooth things. Garbage collect is needed to not waste kernel memory, even on legitimate traffic on a typical web server. Taken from my 8GB machine : # cat /proc/sys/net/ipv4/route/gc_thresh 262144 320 bytes per dst : 262144*320 = 83886080 bytes to store one dst per hash chain. Also, why keeping a dst in cache if no traffic uses it in a 5 minutes period ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists