| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081018133028.GA13861@hmsreliant.think-freely.org> Date: Sat, 18 Oct 2008 09:30:28 -0400 From: Neil Horman <nhorman@...driver.com> To: Eric Dumazet <dada1@...mosbay.com> Cc: David Miller <davem@...emloft.net>, billfink@...dspring.com, netdev@...r.kernel.org, kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net, johnpol@....mipt.ru, Stephen Hemminger <shemminger@...tta.com> Subject: Re: [PATCH] net: implement emergency route cache rebulds when gc_elasticity is exceeded On Sat, Oct 18, 2008 at 06:36:10AM +0200, Eric Dumazet wrote: > Neil Horman a écrit : >> Sorry for the additional noise, but Eric just pointed out that I'd missed an >> email from him and consequently a few comments. I've made the appropriate >> updates in this patch, which is otherwise unchanged. The only comment I'd >> skipped was the request for an additional stat in /proc/net/stat/rt_cache for a >> per net rebuild count. I figure thats a good break point to submit an >> additional follow on patch for. > > OK, yet an admin cannot know if its route cache is disabled or not... > Right its can be addressed in a follow path. > >> >> This is a patch to provide on demand route cache rebuilding. Currently, our >> route cache is rebulid periodically regardless of need. This introduced >> unneeded periodic latency. This patch offers a better approach. Using code >> provided by Eric Dumazet, we compute the standard deviation of the average hash >> bucket chain length while running rt_check_expire. Should any given chain >> length grow to larger that average plus 4 standard deviations, we trigger an >> emergency hash table rebuild for that net namespace. This allows for the common >> case in which chains are well behaved and do not grow unevenly to not incur any >> latency at all, while those systems (which may be being maliciously attacked), >> only rebuild when the attack is detected. This patch take 2 other factors into >> account: >> 1) chains with multiple entries that differ by attributes that do not affect the >> hash value are only counted once, so as not to unduly bias system to rebuilding >> if features like QOS are heavily used >> 2) if rebuilding crosses a certain threshold (which is adjustable via the added >> sysctl in this patch), route caching is disabled entirely for that net >> namespace, since constant rebuilding is less efficient that no caching at all >> >> Tested successfully by me. >> >> Regards >> Neil >> >> Signed-off-by: Neil Horman <nhorman@...driver.com> > > OK, its almost done Neil :) > Copy that :). I'll take the weekend to go over this and repost it with _all_ your suggestions monday afternoon-ish. Thanks for all your input :) Neil -- /**************************************************** * Neil Horman <nhorman@...driver.com> * Software Engineer, Red Hat ****************************************************/ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists