tcp: syncookies: do not use getnstimeofday()

Message ID	1395282376.9114.75.camel@edumazet-glaptop2.roam.corp.google.com
State	RFC, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <1395282376.9114.75.camel@edumazet-glaptop2.roam.corp.google.com> Subject: Re: [PATCH] tcp: syncookies: do not use getnstimeofday() From: Eric Dumazet <eric.dumazet@gmail.com> To: Florian Westphal <fw@strlen.de> Cc: netdev@vger.kernel.org Date: Wed, 19 Mar 2014 19:26:16 -0700 In-Reply-To: <20140319225642.GA5080@breakpoint.cc> References: <1379709176-1625-1-git-send-email-fw@strlen.de> <1395261524.9114.60.camel@edumazet-glaptop2.roam.corp.google.com> <1395263181.9114.69.camel@edumazet-glaptop2.roam.corp.google.com> <20140319225642.GA5080@breakpoint.cc> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Mime-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1395282376.9114.75.camel@edumazet-glaptop2.roam.corp.google.com

State

RFC, archived

Delegated to:

David Miller

Headers

Message-ID: <1395282376.9114.75.camel@edumazet-glaptop2.roam.corp.google.com>
Subject: Re: [PATCH] tcp: syncookies: do not use getnstimeofday()
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Florian Westphal <fw@strlen.de>
Cc: netdev@vger.kernel.org
Date: Wed, 19 Mar 2014 19:26:16 -0700
In-Reply-To: <20140319225642.GA5080@breakpoint.cc>
References: <1379709176-1625-1-git-send-email-fw@strlen.de>
	<1395261524.9114.60.camel@edumazet-glaptop2.roam.corp.google.com>
	<1395263181.9114.69.camel@edumazet-glaptop2.roam.corp.google.com>
	<20140319225642.GA5080@breakpoint.cc>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Eric Dumazet March 20, 2014, 2:26 a.m. UTC

On Wed, 2014-03-19 at 23:56 +0100, Florian Westphal wrote:
> Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > While it is true that getnstimeofday() uses about 40 cycles if TSC
> > is available, it can use 1600 cycles if hpet is the clocksource.
> 
> Ouch.  Why is secure_tcp_sequence_number also using
> ktime_get_real/getnstimeofday?
> 
> clock drift when other cpu is used?

Yeah, I guess we cant really avoid ktime_get() in this sequence
generation.

Alternative patch would be to use get_jiffies_64(), as it would
'solve' the issue you had on 32bit arches, and would be faster
than local_clock() :



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/include/net/tcp.h b/include/net/tcp.h
index bb253b9b2f06..06f948a3fad1 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -484,16 +484,14 @@  struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
  * This counter is used both as a hash input and partially encoded into
  * the cookie value.  A cookie is only validated further if the delta
  * between the current counter value and the encoded one is less than this,
- * i.e. a sent cookie is valid only at most for 128 seconds (or less if
+ * i.e. a sent cookie is valid only at most for 2*64 seconds (or less if
  * the counter advances immediately after a cookie is generated).
  */
 #define MAX_SYNCOOKIE_AGE 2
 
 static inline u32 tcp_cookie_time(void)
 {
-	struct timespec now;
-	getnstimeofday(&now);
-	return now.tv_sec >> 6; /* 64 seconds granularity */
+	return get_jiffies_64() / (64 * HZ);
 }
 
 u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,

tcp: syncookies: do not use getnstimeofday()

Commit Message

Patch