linux/include/uapi
Eric Dumazet 06eb395fa9 pkt_sched: fq: better control of DDOS traffic
FQ has a fast path for skb attached to a socket, as it does not
have to compute a flow hash. But for other packets, FQ being non
stochastic means that hosts exposed to random Internet traffic
can allocate million of flows structure (104 bytes each) pretty
easily. Not only host can OOM, but lookup in RB trees can take
too much cpu and memory resources.

This patch adds a new attribute, orphan_mask, that is adding
possibility of having a stochastic hash for orphaned skb.

Its default value is 1024 slots, to mimic SFQ behavior.

Note: This does not apply to locally generated TCP traffic,
and no locally generated traffic will share a flow structure
with another perfect or stochastic flow.

This patch also handles the specific case of SYNACK messages:

They are attached to the listener socket, and therefore all map
to a single hash bucket. If listener have set SO_MAX_PACING_RATE,
hoping to have new accepted socket inherit this rate, SYNACK
might be paced and even dropped.

This is very similar to an internal patch Google have used more
than one year.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-02-04 22:15:45 -08:00
..
asm-generic vfs: renumber FMODE_NONOTIFY and add to uniqueness check 2015-01-08 15:10:52 -08:00
drm Merge tag 'drm-intel-next-2014-11-21-fixed' of git://anongit.freedesktop.org/drm-intel into drm-next 2014-12-03 08:25:59 +10:00
linux pkt_sched: fq: better control of DDOS traffic 2015-02-04 22:15:45 -08:00
misc cxl: Add documentation for userspace APIs 2014-10-08 20:16:19 +11:00
mtd
rdma IB/core: Add flags for on demand paging support 2014-12-15 18:13:35 -08:00
scsi
sound ALSA: oxfw: Add hwdep interface 2014-12-10 10:50:00 +01:00
video
xen
Kbuild cxl: Add userspace header file 2014-10-08 20:15:57 +11:00