| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1294063372.2892.408.camel@edumazet-laptop> Date: Mon, 03 Jan 2011 15:02:52 +0100 From: Eric Dumazet <eric.dumazet@...il.com> To: hadi@...erus.ca Cc: Jarek Poplawski <jarkao2@...il.com>, David Miller <davem@...emloft.net>, Jesper Dangaard Brouer <hawk@...u.dk>, Patrick McHardy <kaber@...sh.net>, netdev <netdev@...r.kernel.org> Subject: Re: [RFC] net_sched: mark packet staying on queue too long Le lundi 03 janvier 2011 à 08:52 -0500, jamal a écrit : > On Sun, 2011-01-02 at 22:27 +0100, Eric Dumazet wrote: > > While playing with SFQ and other AQM, I was bothered to see how easy it > > was for a single tcp flow to 'fill the pipe' and consume lot of memory > > buffers in queues. I know Jesper use more than 50.000 SFQ on his > > routers, and with GRO packets this can consume a lot of memory. > > > > I played a bit adding ECN in SFQ, first by marking packets for a > > particular flow if this flow qlen was above a given threshold, and later > > using another trick : ECN mark packet if it stayed longer than a given > > delay in the queue. This of course could be done on other modules, what > > do you think ? > > > > I think for this to be effective, it would require maintaining some > history of the effect (some form of moving window average) > and probably a randomness in marking instead of a deterministic one. > Something like what Stochastic Fair RED/BLUE Queueing does. > Otherwise you get a burst of marked packets then silence then a burst > etc (i.e the classical synchronization effect). > I got fairly good results here, but admit-idly on a LAN. Yep, maybe adding RED on each SFQ slot ;) Should be fairly cheap, and actually needed in case ECN is not possible and we must earlly drop instead. I found BLUE very expensive in term of cache line accesses. Especially with double hashing. > It would probably be more effective to provide feedback to the local tcp > since we can detect this locally instead of waiting to some round trip > (or half roundtrip) effect at the receiver with ECN i.e in the same > spirit as NET_XMIT_CN but for which local TCP does something useful with > that info (instead of "retransmit shortly"). But even that would require > maintaining some state on the scheduler per hash in this case.... > local tcp, for a router ? Hmm... But yes I see your point. Speaking of ECN marking, it seems we (in RED/GRED or tunnels) change skb data even if it is shared (can happen on ingress path) Probably harmless, but tcpdump can show ECN bit being marked even on skb snapshot before ingress (and later, ECN marked) or tunnels, while it came unset from the wire. Is it worth fixing this ? maybe using skb_make_writable() [once moved to core network from netfilter] -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists