summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2015-02-04 21:30:40 -0800
committerDavid S. Miller <davem@davemloft.net>2015-02-04 22:15:45 -0800
commit06eb395fa9856b5a87cf7d80baee2a0ed3cdb9d7 (patch)
treeb17f7ee51599f992622f924d6a39fcc8e06292f5 /drivers
parentf2683b743f2334ef49a5361bf596dd1fbd2c9be4 (diff)
pkt_sched: fq: better control of DDOS traffic
FQ has a fast path for skb attached to a socket, as it does not have to compute a flow hash. But for other packets, FQ being non stochastic means that hosts exposed to random Internet traffic can allocate million of flows structure (104 bytes each) pretty easily. Not only host can OOM, but lookup in RB trees can take too much cpu and memory resources. This patch adds a new attribute, orphan_mask, that is adding possibility of having a stochastic hash for orphaned skb. Its default value is 1024 slots, to mimic SFQ behavior. Note: This does not apply to locally generated TCP traffic, and no locally generated traffic will share a flow structure with another perfect or stochastic flow. This patch also handles the specific case of SYNACK messages: They are attached to the listener socket, and therefore all map to a single hash bucket. If listener have set SO_MAX_PACING_RATE, hoping to have new accepted socket inherit this rate, SYNACK might be paced and even dropped. This is very similar to an internal patch Google have used more than one year. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions