Message ID | 1394782966-9792-1-git-send-email-fan.du@windriver.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
Headers | show |
On Fri, Mar 14, 2014 at 03:42:46PM +0800, Fan Du wrote: > When per cpu flow cache entries count reaches over high_watermark, > flow cache will be shrinked gently to around low_watermark, not > brutally killing most of cached entries by left only two. > We currently keep two entries per hash bucket, this means that we keep low_watermark entries at most in the flow cache. With your change, we would keep low_watermark entries per hash bucket. The flow cache would grow to low_watermark * flow_cache_hash_size then. This would make DoS attacks against the flow cache quite easy. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Fan Du <fan.du@windriver.com> Date: Fri, 14 Mar 2014 15:42:46 +0800 > When per cpu flow cache entries count reaches over high_watermark, > flow cache will be shrinked gently to around low_watermark, not > brutally killing most of cached entries by left only two. > > Signed-off-by: Fan Du <fan.du@windriver.com> We are limiting hash chain lengths, not total hash table size. Your change is therefore not appropriate. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/flow.c b/net/core/flow.c index 31cfb365e0c6..e379cdcd699b 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -142,7 +142,7 @@ static void __flow_cache_shrink(struct flow_cache *fc, static void flow_cache_shrink(struct flow_cache *fc, struct flow_cache_percpu *fcp) { - int shrink_to = fc->low_watermark / flow_cache_hash_size(fc); + int shrink_to = fc->low_watermark; __flow_cache_shrink(fc, fcp, shrink_to); }
When per cpu flow cache entries count reaches over high_watermark, flow cache will be shrinked gently to around low_watermark, not brutally killing most of cached entries by left only two. Signed-off-by: Fan Du <fan.du@windriver.com> --- net/core/flow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)