lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20061031.013154.122620846.davem@davemloft.net>
Date:	Tue, 31 Oct 2006 01:31:54 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	peter.hicks@...gs.co.uk
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Thousands of interfaces

From: Peter Hicks <peter.hicks@...gs.co.uk>
Date: Tue, 31 Oct 2006 09:25:50 +0000

[ Discussion belongs on netdev@...r.kernel.org, added to CC: ]

> I have a dual 3GHz Xeon machine with a 2.4.21 kernel and thousands (15k+) of
> ipip tunnel interfaces.  These are being used to tunnel traffic from remote
> routers, over a private network, and handed off to a third party.
 ...
> Is it possible to speed up creation of the interfaces?  Currently it takes
> around 24 hours.  Is there are more efficient way to handle a very large
> number of IP-IP tunnels?  Would upgrading to a 2.6 kernel be of use?

We just simply never imagined people would use IP tunnels on
this scale.

The following kernel patch is a quick hack that will get things to
work quickly for you, but longer term we need to add dynamic hash
table growth to this thing (and SIT tunnel, and IP GRE tunnel,
etc. etc. etc.)

diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 0c45565..78055cf 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -117,8 +117,8 @@ #include <net/ipip.h>
 #include <net/inet_ecn.h>
 #include <net/xfrm.h>
 
-#define HASH_SIZE  16
-#define HASH(addr) ((addr^(addr>>4))&0xF)
+#define HASH_SIZE  16384
+#define HASH(addr) ((addr^(addr>>14))&(HASH_SIZE - 1))
 
 static int ipip_fb_tunnel_init(struct net_device *dev);
 static int ipip_tunnel_init(struct net_device *dev);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ