From: Balazs Scheidler <bazsi@balabit.hu>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, tproxy@lists.balabit.hu,
hidden@sch.bme.hu, panther@balabit.hu
Subject: Re: [RFC][PATCH] [TPROXY] kick out TIME_WAIT sockets in case a new connection comes in with the same tuple
Date: Wed, 10 Dec 2008 09:52:22 +0100 [thread overview]
Message-ID: <1228899142.7542.31.camel@bzorp.balabit> (raw)
In-Reply-To: <20081209.221838.206534714.davem@davemloft.net>
On Tue, 2008-12-09 at 22:18 -0800, David Miller wrote:
> From: Balazs Scheidler <bazsi@balabit.hu>
> Date: Tue, 09 Dec 2008 08:51:35 +0000
>
> > Hi,
> >
> > I'd like to get some guidance regarding the following patch. There's a
> > severe performance limitation related to TIME_WAIT sockets and TProxy rules.
> > The patch below is the 'nice' approach, but it adds 6 bytes to
> > inet_sock and inet_timewait_sock. The 'ugly' approach would be to schedule the
> > removal of the affected TIME_WAIT sockets at PREROUTING time.
> >
> > This post is meant to get some review, but please do not apply this patch this time.
>
> I have no general objection to this, but people seem to be
> experts at making various parts of the TCP socket structures
> larger and larger :-(
>
I understand. Here are the alternatives I considered:
1) the patch above, by extending the socket structures
2) expand skb, of course I felt this is worse than the patch I posted
3) call inet_twsk_deschedule() from the prerouting hook
The 3rd one does not require any expansion of the related structures,
however it'd mean that the TCP state is not only looked up, but also
changed from the TPROXY target. I felt this ugly, but the ugliness would
be constrained to the tproxy code. Shall I post a patch implementing
option #3 above?
--
Bazsi
next prev parent reply other threads:[~2008-12-10 8:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-09 8:51 [RFC][PATCH] [TPROXY] kick out TIME_WAIT sockets in case a new connection comes in with the same tuple Balazs Scheidler
2008-12-10 6:18 ` David Miller
2008-12-10 8:52 ` Balazs Scheidler [this message]
2008-12-10 8:57 ` David Miller
2008-12-10 10:15 ` Balazs Scheidler
2008-12-10 23:21 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1228899142.7542.31.camel@bzorp.balabit \
--to=bazsi@balabit.hu \
--cc=davem@davemloft.net \
--cc=hidden@sch.bme.hu \
--cc=netdev@vger.kernel.org \
--cc=panther@balabit.hu \
--cc=tproxy@lists.balabit.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox