• Eric Dumazet's avatar
    rps: tcp: fix rps_sock_flow_table table updates · ca55158c
    Eric Dumazet authored
    I believe a moderate SYN flood attack can corrupt RFS flow table
    (rps_sock_flow_table), making RPS/RFS much less effective.
    
    Even in a normal situation, server handling short lived sessions suffer
    from bad steering for the first data packet of a session, if another SYN
    packet is received for another session.
    
    We do following action in tcp_v4_rcv() :
    
    	sock_rps_save_rxhash(sk, skb->rxhash);
    
    We should _not_ do this if sk is a LISTEN socket, as about each
    packet received on a LISTEN socket has a different rxhash than
    previous one.
     -> RPS_NO_CPU markers are spread all over rps_sock_flow_table.
    
    Also, it makes sense to protect sk->rxhash field changes with socket
    lock (We currently can change it even if user thread owns the lock
    and might use rxhash)
    
    This patch moves sock_rps_save_rxhash() to a sock locked section,
    and only for non LISTEN sockets.
    Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    ca55158c
tcp_ipv4.c 65 KB