Date:	Thu, 19 Jul 2012 08:35:44 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	eric.dumazet@...il.com
Cc:	netdev@...r.kernel.org, therbert@...gle.com, wsommerfeld@...gle.com
Subject: Re: [PATCH net-next] ipv4: tcp: remove per net tcp_sock

From: Eric Dumazet <eric.dumazet@...il.com>
Date: Thu, 19 Jul 2012 10:58:52 +0200

> From: Eric Dumazet <edumazet@...gle.com>
> 
> tcp_v4_send_reset() and tcp_v4_send_ack() use a single socket
> per network namespace.
> 
> This leads to bad behavior on multiqueue NICs, because many cpus
> contend for the socket lock and once socket lock is acquired, extra
> false sharing on various socket fields slows down the operations.
> 
> To better resist attacks, we use a percpu socket. Each cpu can
> run without contention, using appropriate memory (local node).
> 
> Additional features :
> 
> 1) We also mirror the queue_mapping of the incoming skb, so that
> answers use the same queue if possible.
> 
> 2) Setting SOCK_USE_WRITE_QUEUE socket flag speeds up sock_wfree()
> 
> 3) We now limit the number of in-flight RST/ACK [1] packets
> per cpu, instead of per namespace, and we honor the sysctl_wmem_default
> limit dynamically. (Prior to this patch, sysctl_wmem_default value was
> copied at boot time, so any further change would not affect tcp_sock
> limit)
> 
> 
> [1] These packets are only generated when no socket was matched for
> the incoming packet.
> 
> Reported-by: Bill Sommerfeld <wsommerfeld@...gle.com>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>

Looks great, applied, thanks Eric.

> @@ -2624,13 +2624,11 @@ EXPORT_SYMBOL(tcp_prot);
>  
>  static int __net_init tcp_sk_init(struct net *net)
>  {
> -	return inet_ctl_sock_create(&net->ipv4.tcp_sock,
> -				    PF_INET, SOCK_RAW, IPPROTO_TCP, net);
> +	return 0;
>  }
>  
>  static void __net_exit tcp_sk_exit(struct net *net)
>  {
> -	inet_ctl_sock_destroy(net->ipv4.tcp_sock);
>  }
>  
>  static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
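
Review bot: tcp_sk_init() is reduced to a bare "return 0;" and tcp_sk_exit() is left with an empty body, so both are no-op stubs after this hunk, and an empty function with no comment reads like an accidental deletion. Either drop the two functions in this patch or a follow-up, leaving tcp_sk_exit_batch() from the trailing context as is, or add a one-line comment in each stating why it is kept.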

If these no longer really do anything, just send me a patch to kill
them off entirely.

Thanks again.