    packet: rollover huge flows before small flows · 3b3a5b0a
    Willem de Bruijn authored
    Migrate flows from a socket to another socket in the fanout group not
    only when the socket is full. Start migrating huge flows early, to
    divert possible 4-tuple attacks without affecting normal traffic.
    
    Introduce fanout_flow_is_huge(). This detects huge flows, which are
    defined as taking up more than half the load. It does so cheaply, by
    storing the rxhashes of the N most recent packets. If over half of
    these are the same rxhash as the current packet, then drop it. This
    only protects against 4-tuple attacks. N is chosen to fit all data in
    a single cache line.
    
    Tested:
      Ran bench_rollover for 10 sec with 1.5 Mpps of single flow input.
    
        lpbb5:/export/hda3/willemb# ./bench_rollover -l 1000 -r -s
        cpu         rx       rx.k     drop.k   rollover     r.huge   r.failed
          0         14         14          0          0          0          0
          1         20         20          0          0          0          0
          2         16         16          0          0          0          0
          3    6168824    6168824          0    4867721    4867721          0
          4    4867741    4867741          0          0          0          0
          5         12         12          0          0          0          0
          6         15         15          0          0          0          0
          7         17         17          0          0          0          0
    Signed-off-by: Willem de Bruijn <willemb@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
af_packet.c 100 KB
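The huge-flow check described in the commit message, as an added user-space sketch in C; it is not the kernel's code from af_packet.c. The 64-byte cache line, the round-robin slot replacement, the struct and function names, and the constructed traffic pattern are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE_BYTES 64                        /* assumption */
#define HLEN (CACHE_LINE_BYTES / sizeof(uint32_t)) /* N = 16 hashes */

/* Hypothetical per-socket state: exactly one cache line of rxhashes. */
struct flow_history {
    uint32_t rxhash[HLEN];
};

/* True when more than half of the remembered packets share the current
 * packet's rxhash. The current hash is then stored in `slot`. */
static bool flow_is_huge(struct flow_history *h, unsigned int slot,
                         uint32_t rxhash)
{
    unsigned int i, count = 0;

    for (i = 0; i < HLEN; i++)
        if (h->rxhash[i] == rxhash)
            count++;
    h->rxhash[slot % HLEN] = rxhash;
    return count > HLEN / 2;
}

/* Constructed traffic: out of every 4 packets, `heavy_per_4` belong to one
 * flow (hash 0xdeadbeef); the rest are distinct small flows with non-zero
 * hashes. Returns how many packets were flagged as part of a huge flow. */
static unsigned int simulate(unsigned int total, unsigned int heavy_per_4)
{
    struct flow_history h = {0};
    unsigned int i, flagged = 0;

    for (i = 0; i < total; i++) {
        uint32_t hash = (i % 4) < heavy_per_4 ? 0xdeadbeefu : i + 1;
        /* Round-robin slot keeps the N most recent packets (assumption). */
        if (flow_is_huge(&h, i, hash))
            flagged++;
    }
    return flagged;
}

int main(void)
{
    unsigned int share;

    for (share = 1; share <= 4; share++)
        printf("heavy %u/4 of load: %u of 100 packets flagged\n",
               share, simulate(100, share));
    return 0;
}
```

A flow at exactly half the load is never flagged, because the test is strictly "over half", and a flow above that share is only flagged once more than N/2 of its packets sit in the history.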