lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Aug 2012 17:55:04 -0700 From: Bob Gilligan <gilligan@...stanetworks.com> To: netdev@...r.kernel.org Subject: [PATCH 1/2] ipv4: Improve the scaling of the ARP cache for multicast destinations. The ARP cache maintains entries for both unicast and multicast IPv4 next-hop destinations. The MAC addresses for unicast destinations are determined by running the ARP protocol, but those for multicast destinations are determined by a simple direct mapping from the destination IPv4 multicast address. Currently, the ARP cache maintains one entry for each IPv4 multicast destination for each interface that has members in that group. On a multicast router that is forwarding traffic for many groups via many interfaces, the number of ARP cache entries for multicast destinations can become large. It could be as many as: (number of interfaces) * (number of groups). Beside using a great deal of memory, these entries consume space in the ARP cache that could otherwise be occupied by unicast entries, makeing it more likely that the ARP cache will become full. The mapping from multicast IPv4 address to MAC address can just as easily be done at the time a packet is to be sent. With this change, we maintain one ARP cache entry for each interface that has at least one multicast group member. All routes to IPv4 multicast destinations via a particular interface use the same ARP cache entry. This entry does not store the MAC address to use. Instead, packets for multicast destinations go to a new output function that maps the destination IPv4 multicast address into the MAC address and forms the MAC header. Signed-off-by: Bob Gilligan <gilligan@...stanetworks.com> --- net/ipv4/arp.c | 49 +++++++++++++++++++++++++++++++++++++++++++++---- net/ipv4/route.c | 14 ++++++++++++-- 2 files changed, 57 insertions(+), 6 deletions(-) Index: b/net/ipv4/arp.c =================================================================== --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -126,6 +126,7 @@ static int arp_constructor(struct neighb static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb); static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb); static void parp_redo(struct sk_buff *skb); +static int arp_multicast_output(struct neighbour *neigh, struct sk_buff *skb); static const struct neigh_ops arp_generic_ops = { .family = AF_INET, @@ -157,6 +158,13 @@ static const struct neigh_ops arp_broken .connected_output = neigh_compat_output, }; +static const struct neigh_ops arp_multicast_ops = { + .family = AF_INET, + .error_report = arp_error_report, + .output = arp_multicast_output, + .connected_output = arp_multicast_output, +}; + struct neigh_table arp_tbl = { .family = AF_INET, .key_len = 4, @@ -217,6 +225,38 @@ static u32 arp_hash(const void *pkey, return arp_hashfn(*(u32 *)pkey, dev, *hash_rnd); } + +/* + * Output function for IPv4 multicast destinations. We map the + * next-hop address directly into the destination MAC addr here so + * that we don't have to store it in the ARP cache entry. This allows + * routes for multiple multicast destinations to share a single ARP + * cache entry. + */ +static int arp_multicast_output(struct neighbour *neigh, struct sk_buff *skb) +{ + int err; + struct dst_entry *dst = skb_dst(skb); + struct rtable *rt = (struct rtable *)dst; + struct net_device *dev = neigh->dev; + unsigned char ha[ALIGN(MAX_ADDR_LEN, sizeof(unsigned long))]; + + __skb_pull(skb, skb_network_offset(skb)); + + arp_mc_map(rt->rt_gateway, ha, dev, 1); + + err = dev_hard_header(skb, dev, ntohs(skb->protocol), ha, NULL, + skb->len); + if (err >= 0) + err = dev_queue_xmit(skb); + else { + err = -EINVAL; + kfree_skb(skb); + } + return err; +} + + static int arp_constructor(struct neighbour *neigh) { __be32 addr = *(__be32 *)neigh->primary_key; @@ -287,10 +327,9 @@ static int arp_constructor(struct neighb #endif } #endif - if (neigh->type == RTN_MULTICAST) { + if (neigh->type == RTN_MULTICAST) neigh->nud_state = NUD_NOARP; - arp_mc_map(addr, neigh->ha, dev, 1); - } else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) { + else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) { neigh->nud_state = NUD_NOARP; memcpy(neigh->ha, dev->dev_addr, dev->addr_len); } else if (neigh->type == RTN_BROADCAST || @@ -299,7 +338,9 @@ static int arp_constructor(struct neighb memcpy(neigh->ha, dev->broadcast, dev->addr_len); } - if (dev->header_ops->cache) + if (neigh->type == RTN_MULTICAST) + neigh->ops = &arp_multicast_ops; + else if (dev->header_ops->cache) neigh->ops = &arp_hh_ops; else neigh->ops = &arp_generic_ops; Index: b/net/ipv4/route.c =================================================================== --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1114,6 +1114,7 @@ static int slow_chain_length(const struc static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, const void *daddr) { static const __be32 inaddr_any = 0; + static const __be32 inaddr_unspec_group = htonl(INADDR_UNSPEC_GROUP); struct net_device *dev = dst->dev; const __be32 *pkey = daddr; const struct rtable *rt; @@ -1123,8 +1124,17 @@ static struct neighbour *ipv4_neigh_look if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT)) pkey = &inaddr_any; - else if (rt->rt_gateway) - pkey = (const __be32 *) &rt->rt_gateway; + else { + if (rt->rt_gateway) + pkey = (const __be32 *) &rt->rt_gateway; + if (pkey && ipv4_is_multicast(*pkey)) + /* + * Map all multicast destinations to a single + * address so tht they share a single ARP + * cache entry per interface. + */ + pkey = &inaddr_unspec_group; + } n = __ipv4_neigh_lookup(dev, *(__force u32 *)pkey); if (n) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists