lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 29 Aug 2022 13:44:35 +0200
From:   Richard Gobert <richardbgobert@...il.com>
To:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, corbet@....net, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, alex.aring@...il.com,
        stefan@...enfreihafen.org, pablo@...filter.org,
        kadlec@...filter.org, fw@...len.de, kafai@...com,
        netdev@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-wpan@...r.kernel.org,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org
Subject: [PATCH 0/4] net-next: frags: add adaptive per-peer timeout under load

This patch series introduces an optimization of fragment queues under
load.

The goal is to improve upon the current approach of static timeouts
(frag_timeout, 30 seconds by default) by implementing Eric's
suggestion of reducing timeouts under load [1], with additional
considerations for peer-specific load.

The timeout reduction is done dynamically per peer, based on both
global and peer-specific load. low_thresh is reintroduced and now acts 
as a knob for adjusting per-peer memory limits.

A comparison of netperf results before and after applying the patch:

Before:
    [vm1 ~]# ./super_netperf.sh 10 -H 172.16.43.3 -l 60 -t UDP_STREAM
    103.23

After:
    [vm1 ~]# ./super_netperf.sh 10 -H 172.16.43.3 -l 60 -t UDP_STREAM
    576.17

And another benchmark of a more specific use case.
One high-bandwidth memory-hogging peer (vm1), and another "average"
client (vm2), attempting to communicate with the same server:

Before:
    [vm1 ~]# ./super_netperf.sh 10 -H 172.16.43.3 -l 60 -t UDP_STREAM
	42.57
	[vm2 ~]# ./super_netperf.sh 1 -H 172.16.43.3 -l 60 -t UDP_STREAM
	50.93

After:
    [vm1 ~]# ./super_netperf.sh 10 -H 172.16.43.3 -l 60 -t UDP_STREAM
	420.65
	[vm2 ~]# ./super_netperf.sh 1 -H 172.16.43.3 -l 60 -t UDP_STREAM
	624.79


These benchmarks were done using the following configuration:

[vm3 ~]# grep . /proc/sys/net/ipv4/ipfrag_*
/proc/sys/net/ipv4/ipfrag_high_thresh:104857600
/proc/sys/net/ipv4/ipfrag_low_thresh:78643200
/proc/sys/net/ipv4/ipfrag_max_dist:64
/proc/sys/net/ipv4/ipfrag_secret_interval:0
/proc/sys/net/ipv4/ipfrag_time:30

Regards,
Richard

[1] https://www.mail-archive.com/netdev@vger.kernel.org/msg242228.html

Richard Gobert (4):
  net-next: frags: move inetpeer from ip4 to inet
  net-next: ip6: fetch inetpeer in ip6frag_init
  net-next: frags: add inetpeer frag_mem tracking
  net-next: frags: dynamic timeout under load

 Documentation/networking/ip-sysctl.rst  |  3 +
 include/net/inet_frag.h                 | 13 ++---
 include/net/inetpeer.h                  |  1 +
 include/net/ipv6_frag.h                 |  3 +
 net/ieee802154/6lowpan/reassembly.c     |  2 +-
 net/ipv4/inet_fragment.c                | 77 ++++++++++++++++++++++---
 net/ipv4/inetpeer.c                     |  1 +
 net/ipv4/ip_fragment.c                  | 25 ++------
 net/ipv6/netfilter/nf_conntrack_reasm.c |  2 +-
 net/ipv6/reassembly.c                   |  2 +-
 10 files changed, 89 insertions(+), 40 deletions(-)

-- 
2.36.1

Powered by blists - more mailing lists