[net-next] flowcache: Tune per cpu flow cache shrink size

Message ID	1394782966-9792-1-git-send-email-fan.du@windriver.com
State	Rejected, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Fan Du <fan.du@windriver.com> To: <steffen.klassert@secunet.com> CC: <davem@davemloft.net>, <netdev@vger.kernel.org> Subject: [PATCH net-next] flowcache: Tune per cpu flow cache shrink size Date: Fri, 14 Mar 2014 15:42:46 +0800 Message-ID: <1394782966-9792-1-git-send-email-fan.du@windriver.com> MIME-Version: 1.0 Content-Type: text/plain Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1394782966-9792-1-git-send-email-fan.du@windriver.com

State

Rejected, archived

Delegated to:

David Miller

Headers

From: Fan Du <fan.du@windriver.com>
To: <steffen.klassert@secunet.com>
CC: <davem@davemloft.net>, <netdev@vger.kernel.org>
Subject: [PATCH net-next] flowcache: Tune per cpu flow cache shrink size
Date: Fri, 14 Mar 2014 15:42:46 +0800
Message-ID: <1394782966-9792-1-git-send-email-fan.du@windriver.com>
MIME-Version: 1.0
Content-Type: text/plain
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

fan.du March 14, 2014, 7:42 a.m. UTC

When per cpu flow cache entries count reaches over high_watermark,
flow cache will be shrinked gently to around low_watermark, not
brutally killing most of cached entries by left only two.

Signed-off-by: Fan Du <fan.du@windriver.com>
---
 net/core/flow.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Steffen Klassert March 14, 2014, 10:26 a.m. UTC | #1

On Fri, Mar 14, 2014 at 03:42:46PM +0800, Fan Du wrote:
> When per cpu flow cache entries count reaches over high_watermark,
> flow cache will be shrinked gently to around low_watermark, not
> brutally killing most of cached entries by left only two.
> 

We currently keep two entries per hash bucket, this means that
we keep low_watermark entries at most in the flow cache.

With your change, we would keep low_watermark entries per hash bucket.
The flow cache would grow to low_watermark * flow_cache_hash_size then.
This would make DoS attacks against the flow cache quite easy.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Miller March 14, 2014, 6:43 p.m. UTC | #2

From: Fan Du <fan.du@windriver.com>
Date: Fri, 14 Mar 2014 15:42:46 +0800

> When per cpu flow cache entries count reaches over high_watermark,
> flow cache will be shrinked gently to around low_watermark, not
> brutally killing most of cached entries by left only two.
> 
> Signed-off-by: Fan Du <fan.du@windriver.com>

We are limiting hash chain lengths, not total hash table size.

Your change is therefore not appropriate.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/core/flow.c b/net/core/flow.c
index 31cfb365e0c6..e379cdcd699b 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -142,7 +142,7 @@  static void __flow_cache_shrink(struct flow_cache *fc,
 static void flow_cache_shrink(struct flow_cache *fc,
 			      struct flow_cache_percpu *fcp)
 {
-	int shrink_to = fc->low_watermark / flow_cache_hash_size(fc);
+	int shrink_to = fc->low_watermark;
 
 	__flow_cache_shrink(fc, fcp, shrink_to);
 }

[net-next] flowcache: Tune per cpu flow cache shrink size

Commit Message

Comments

Patch