Commit e9261476 authored by Willy Tarreau Committed by Jakub Kicinski

tcp: dynamically allocate the perturb table used by source ports

We'll need to further increase the size of this table and it's likely
that at some point its size will not be suitable anymore for a static
table. Let's allocate it on boot from inet_hashinfo2_init(), which is
called from tcp_init().

Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parent ca7af040
...@@ -731,7 +731,8 @@ EXPORT_SYMBOL_GPL(inet_unhash); ...@@ -731,7 +731,8 @@ EXPORT_SYMBOL_GPL(inet_unhash);
* privacy, this only consumes 1 KB of kernel memory. * privacy, this only consumes 1 KB of kernel memory.
*/ */
#define INET_TABLE_PERTURB_SHIFT 8 #define INET_TABLE_PERTURB_SHIFT 8
static u32 table_perturb[1 << INET_TABLE_PERTURB_SHIFT]; #define INET_TABLE_PERTURB_SIZE (1 << INET_TABLE_PERTURB_SHIFT)
static u32 *table_perturb;
int __inet_hash_connect(struct inet_timewait_death_row *death_row, int __inet_hash_connect(struct inet_timewait_death_row *death_row,
struct sock *sk, u64 port_offset, struct sock *sk, u64 port_offset,
...@@ -774,7 +775,8 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, ...@@ -774,7 +775,8 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
if (likely(remaining > 1)) if (likely(remaining > 1))
remaining &= ~1U; remaining &= ~1U;
net_get_random_once(table_perturb, sizeof(table_perturb)); net_get_random_once(table_perturb,
INET_TABLE_PERTURB_SIZE * sizeof(*table_perturb));
index = hash_32(port_offset, INET_TABLE_PERTURB_SHIFT); index = hash_32(port_offset, INET_TABLE_PERTURB_SHIFT);
offset = READ_ONCE(table_perturb[index]) + (port_offset >> 32); offset = READ_ONCE(table_perturb[index]) + (port_offset >> 32);
...@@ -912,6 +914,12 @@ void __init inet_hashinfo2_init(struct inet_hashinfo *h, const char *name, ...@@ -912,6 +914,12 @@ void __init inet_hashinfo2_init(struct inet_hashinfo *h, const char *name,
low_limit, low_limit,
high_limit); high_limit);
init_hashinfo_lhash2(h); init_hashinfo_lhash2(h);
/* this one is used for source ports of outgoing connections */
table_perturb = kmalloc_array(INET_TABLE_PERTURB_SIZE,
sizeof(*table_perturb), GFP_KERNEL);
if (!table_perturb)
panic("TCP: failed to alloc table_perturb");
} }
int inet_hashinfo2_init_mod(struct inet_hashinfo *h) int inet_hashinfo2_init_mod(struct inet_hashinfo *h)
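Review bot: The allocation added at the end of inet_hashinfo2_init() stores into the single file-scope `table_perturb`, yet the function is parameterized by `h`, so a second call would overwrite the pointer and leak the first buffer. Because kmalloc_array() does not zero memory and the fill in __inet_hash_connect() goes through net_get_random_once(), a replaced table would presumably never be randomized, and source-port offsets would then be derived from stale heap contents. The commit message names tcp_init() as the caller and no other caller is visible here, so this is a latent hazard rather than a demonstrated bug; a guard such as `if (WARN_ON_ONCE(table_perturb)) return;` before the allocation, plus a comment like `/* contents are uninitialized until net_get_random_once() in __inet_hash_connect() */`, would make the invariant explicit. Both function bodies extend beyond the hunks shown.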