From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
netdev@vger.kernel.org
Subject: Re: [net-next PATCH 2/3] net: fix enforcing of fragment queue hash list depth
Date: Mon, 22 Apr 2013 11:10:34 +0200 [thread overview]
Message-ID: <1366621834.26911.271.camel@localhost> (raw)
In-Reply-To: <20130419194424.GI27889@order.stressinduktion.org>
On Fri, 2013-04-19 at 21:44 +0200, Hannes Frederic Sowa wrote:
> On Fri, Apr 19, 2013 at 04:29:02PM +0200, Jesper Dangaard Brouer wrote:
> > Well, I don't know. But we do need some solution, to the current code.
>
> In <http://article.gmane.org/gmane.linux.network/261361> I said that we could
> actually have a list lengt of about 370. At this time this number was stable,
> perhaps you could verify?
>
> I tried to flood the cache with very minimal packets so this was actually
> the hint that I should have resized the hash back then. With the current
> fragmentation cache design we could reach optimal behaviour as soon
> as the memory limits kicks in and lru eviction starts before we limit the
> fragments queues in the hash chains. The only way to achieve this is to
> increase the hash table slots and lower the maximum length limit. I would
> propose a limit of about 25-32 and as Eric said, a hash size of 1024. We could
> test if we are limited of accepting new fragments by memory limit (which would
> be fine because lru eviction kicks in) or by chain length (we could recheck
> the numbers then).
>
> So the chain limit would only kick in if someone tries to exploit the fragment
> cache by using the method I demonstrated before (which was the reason I
> introduced this limit).
(To avoid pissing people off) I acknowledge that we should change the
hash size, as its ridiculously small with 64 entries.
But your mem limit assumption and hash depth limit assumptions are
broken, because the mem limit is per netns (network namespace).
Thus, starting more netns instances will break these assumptions.
The dangerous part of your change (commit 5a3da1fe) is that you keep the
existing frag queues (and don't allow new frag queues to be created).
The attackers fragments will never finish (timeout 30 sec), while valid
fragments will complete and "exit" the queue, thus the end result is
hash bucket is filled with attackers invalid/incomplete fragments.
Besides, after we have implemented per hash bucket locking (in my change
commit 19952cc4 "net: frag queue per hash bucket locking").
Then, I don't think it is a big problem that a single hash bucket is
being "attacked".
IMHO we should just revert the change (commit 5a3da1fe), and increase
the hash size and fix the hashing for IPv6.
And then I'll find another method for fixing the global LRU list
scalability problem (than the "direct-hash-cleaning" method).
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Sr. Network Kernel Developer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
next prev parent reply other threads:[~2013-04-22 9:10 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-18 21:37 [net-next PATCH 0/3] net: frag code fixes and RFC for LRU removal Jesper Dangaard Brouer
2013-04-18 21:37 ` [net-next PATCH 1/3] net: fix race bug in fragmentation create code Jesper Dangaard Brouer
2013-04-19 1:00 ` Hannes Frederic Sowa
2013-04-19 8:09 ` Jesper Dangaard Brouer
2013-04-18 21:38 ` [net-next PATCH 2/3] net: fix enforcing of fragment queue hash list depth Jesper Dangaard Brouer
2013-04-19 0:52 ` Hannes Frederic Sowa
2013-04-19 10:11 ` Eric Dumazet
2013-04-19 10:41 ` David Laight
2013-04-19 11:14 ` Eric Dumazet
2013-04-19 12:19 ` Jesper Dangaard Brouer
2013-04-19 12:45 ` Hannes Frederic Sowa
2013-04-19 14:29 ` Jesper Dangaard Brouer
2013-04-19 15:06 ` Hannes Frederic Sowa
2013-04-19 19:44 ` Hannes Frederic Sowa
2013-04-22 9:10 ` Jesper Dangaard Brouer [this message]
2013-04-22 14:54 ` Hannes Frederic Sowa
2013-04-22 16:30 ` Jesper Dangaard Brouer
2013-04-22 17:49 ` Jesper Dangaard Brouer
2013-04-23 0:20 ` Hannes Frederic Sowa
2013-04-23 14:19 ` Jesper Dangaard Brouer
2013-04-23 20:54 ` Hannes Frederic Sowa
2013-04-19 14:42 ` Eric Dumazet
2013-04-19 14:45 ` Eric Dumazet
2013-04-19 14:45 ` Eric Dumazet
2013-04-19 14:49 ` Eric Dumazet
2013-04-24 13:35 ` Jesper Dangaard Brouer
2013-04-24 15:05 ` Eric Dumazet
2013-04-18 21:39 ` [RFC net-next PATCH 3/3] net: remove fragmentation LRU list system Jesper Dangaard Brouer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1366621834.26911.271.camel@localhost \
--to=brouer@redhat.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=hannes@stressinduktion.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).