From: Michael Vittrup Larsen <michael.vittrup.larsen@ericsson.com>
To: Stephen Hemminger <shemminger@osdl.org>
Cc: "David S. Miller" <davem@davemloft.net>, netdev@oss.sgi.com
Subject: Re: [PATCH] tcp: efficient port randomisation
Date: Fri, 5 Nov 2004 12:03:58 +0200 [thread overview]
Message-ID: <200411051103.59032.michael.vittrup.larsen@ericsson.com> (raw)
In-Reply-To: <20041104100104.570e67cd@dxpl.pdx.osdl.net>
On Thursday 04 November 2004 19:01, Stephen Hemminger wrote:
> But because of the hashing most ports will be scattered all over the port
> space, because they come from different hosts.
>
> Also, Linux TCP will reuse ports if (saddr, daddr, sport) are different.
> Look at __tcp_v4_check_established. This means that the ports actually
> have to be in use with real connections to the same host.
__tcp_v4_check_established is the linux version of the uniqueness test from
the draft, and of course ports ports can be reused when at least one of the
other parameters (saddr, daddr, sport) are different.
I focus on the situation where (saddr, daddr, sport) is constant since this is
where we get collisions and need to try another port. Not storing the port
found to be unused will result in situations like:
tcp_rover_next is say 2000
Ports 2000-2010 are already used because you are browsing www.osdl.org
Your search will find 2011 to be unused after 10 retries and tcp_rover_next
will be 2001.
Your next search (you continue to browse www.osdl.org) will result in 2012 -
again after 10 retries.
In a simple browsing scenario like this, you will usually not have holes
because of TCP TIME-WAIT and your rover will continue to lag behind and you
will continue to make 10 retries on ports.
The question is then, when do the rover begin to lack behind?
Everytime you meet a long-lived connection in the port space your rover will
lag one port behind the real 'unused' rover. Using wget and browsing
www.osdl.org may easily produce this problem.
I understand your argument for not holding the lock, and maybe the following
algorithm is a compromise:
1. Use the current algorithm that does not hold the lock
2. If a port was found in first try, then exit (you have already
incremented tcp_rover_next by 1 so this is up to date as per
the old algorithm).
3. If more than one port try was necessary, compute the difference between
the initial rover to the current unused port, and atomic_add() this to
tcp_rover_next.
The only drawback of this is, that tcp_rover_next may 'run' a little too fast
in contention cases, which only has theoretical impact on performance. Also,
this only happens when we meet a long-lived connection, which we usually do
not have many of.
next prev parent reply other threads:[~2004-11-05 10:03 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20041027092531.78fe438c@guest-251-240.pdx.osdl.net>
[not found] ` <200410291048.01955.michael.vittrup.larsen@ericsson.com>
2004-10-29 17:28 ` [PATCH] tcp: efficient port randomisation Stephen Hemminger
2004-11-01 9:58 ` Michael Vittrup Larsen
2004-11-01 17:20 ` Stephen Hemminger
2004-11-02 7:54 ` Michael Vittrup Larsen
2004-11-04 18:01 ` Stephen Hemminger
2004-11-05 10:03 ` Michael Vittrup Larsen [this message]
2004-11-17 23:30 ` [PATCH] tcp: efficient port randomisation (revised) Stephen Hemminger
2004-11-19 7:38 ` Michael Vittrup Larsen
2004-12-01 5:46 ` David S. Miller
[not found] ` <20041201152446.3a0d5ce3@dxpl.pdx.osdl.net>
[not found] ` <20041201204622.7b760400.davem@davemloft.net>
2004-12-02 21:49 ` Stephen Hemminger
2004-12-02 21:52 ` David S. Miller
2004-12-02 22:51 ` Stephen Hemminger
2004-12-02 23:01 ` Stephen Hemminger
2004-12-04 5:42 ` Stephen Hemminger
2004-12-06 8:18 ` Michael Vittrup Larsen
2004-12-06 17:42 ` [PATCH] tcp: efficient port randomisation (rev 3) Stephen Hemminger
2004-12-09 7:55 ` David S. Miller
2004-12-11 1:09 ` [PATCH] tcp: efficient port randomistion " Stephen Hemminger
2004-12-20 23:39 ` David S. Miller
2005-06-22 9:17 ` Michael Vittrup Larsen
2005-06-22 16:44 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200411051103.59032.michael.vittrup.larsen@ericsson.com \
--to=michael.vittrup.larsen@ericsson.com \
--cc=davem@davemloft.net \
--cc=netdev@oss.sgi.com \
--cc=shemminger@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).