linux-hardened/net/ipv4
Neil Horman 1080d709fb net: implement emergency route cache rebulds when gc_elasticity is exceeded
This is a patch to provide on demand route cache rebuilding.  Currently, our
route cache is rebulid periodically regardless of need.  This introduced
unneeded periodic latency.  This patch offers a better approach.  Using code
provided by Eric Dumazet, we compute the standard deviation of the average hash
bucket chain length while running rt_check_expire.  Should any given chain
length grow to larger that average plus 4 standard deviations, we trigger an
emergency hash table rebuild for that net namespace.  This allows for the common
case in which chains are well behaved and do not grow unevenly to not incur any
latency at all, while those systems (which may be being maliciously attacked),
only rebuild when the attack is detected.  This patch take 2 other factors into
account:
1) chains with multiple entries that differ by attributes that do not affect the
hash value are only counted once, so as not to unduly bias system to rebuilding
if features like QOS are heavily used
2) if rebuilding crosses a certain threshold (which is adjustable via the added
sysctl in this patch), route caching is disabled entirely for that net
namespace, since constant rebuilding is less efficient that no caching at all

Tested successfully by me.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-10-27 17:06:14 -07:00
..
netfilter netfilter: snmp nat leaks memory in case of failure 2008-10-20 03:33:24 -07:00
af_inet.c ipv4: Allow binding to non-local addresses if IP_TRANSPARENT is set 2008-10-01 07:31:24 -07:00
ah4.c
arp.c netfilter: replace old NF_ARP calls with NFPROTO_ARP 2008-10-20 03:34:51 -07:00
cipso_ipv4.c cipso: Add support for native local labeling and fixup mapping names 2008-10-10 10:16:34 -04:00
datagram.c
devinet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-10-17 08:58:52 -07:00
esp4.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
fib_frontend.c
fib_hash.c
fib_lookup.h
fib_rules.c
fib_semantics.c
fib_trie.c
icmp.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
igmp.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
inet_connection_sock.c inet: cleanup of local_port_range 2008-10-08 14:18:04 -07:00
inet_diag.c net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely) 2008-10-16 15:24:51 -07:00
inet_fragment.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
inet_hashtables.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
inet_lro.c
inet_timewait_sock.c ipv4: Implement IP_TRANSPARENT socket option 2008-10-01 07:30:02 -07:00
inetpeer.c
ip_forward.c
ip_fragment.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
ip_gre.c gre: Initialise rtnl_link tunnel parameters properly 2008-10-11 12:20:15 -07:00
ip_input.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
ip_options.c cipso: Add support for native local labeling and fixup mapping names 2008-10-10 10:16:34 -04:00
ip_output.c ipv4: Make Netfilter's ip_route_me_harder() non-local address compatible 2008-10-01 07:44:42 -07:00
ip_sockglue.c ipv4: Implement IP_TRANSPARENT socket option 2008-10-01 07:30:02 -07:00
ipcomp.c ipcomp: Fix warnings after ipcomp consolidation. 2008-07-27 03:59:24 -07:00
ipconfig.c
ipip.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
ipmr.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
Kconfig IPVS: Move IPVS to net/netfilter/ipvs 2008-10-07 08:38:24 +11:00
Makefile IPVS: Move IPVS to net/netfilter/ipvs 2008-10-07 08:38:24 +11:00
netfilter.c netfilter: netns: fix {ip,6}_route_me_harder() in netns 2008-10-08 11:35:03 +02:00
proc.c tcp: MD5: Use MIB counter instead of warning for MD5 mismatch. 2008-07-30 03:27:25 -07:00
protocol.c
raw.c
route.c net: implement emergency route cache rebulds when gc_elasticity is exceeded 2008-10-27 17:06:14 -07:00
syncookies.c tcp: Port redirection support for TCP 2008-10-01 07:46:49 -07:00
sysctl_net_ipv4.c net: implement emergency route cache rebulds when gc_elasticity is exceeded 2008-10-27 17:06:14 -07:00
tcp.c tcp: kill pointless urg_mode 2008-10-07 14:43:06 -07:00
tcp_bic.c
tcp_cong.c net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely) 2008-10-16 15:24:51 -07:00
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c tcp: Fix tcp_hybla zero congestion window growth with small rho and large cwnd. 2008-10-07 15:58:17 -07:00
tcp_illinois.c
tcp_input.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-10-08 14:56:41 -07:00
tcp_ipv4.c tcpv[46]: fix md5 pseudoheader address field ordering 2008-10-09 14:37:47 -07:00
tcp_lp.c
tcp_minisocks.c tcp: kill pointless urg_mode 2008-10-07 14:43:06 -07:00
tcp_output.c syncookies: fix inclusion of tcp options in syn-ack 2008-10-26 23:10:12 -07:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c net: wrap sk->sk_backlog_rcv() 2008-10-07 14:18:42 -07:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c net: Rationalise email address: Network Specific Parts 2008-10-13 19:01:08 -07:00
udp_impl.h
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_state.c
xfrm4_tunnel.c