Commit ca55158c authored Jun 03, 2010 by Eric Dumazet Committed by David S. Miller Jun 04, 2010

rps: tcp: fix rps_sock_flow_table table updates



I believe a moderate SYN flood attack can corrupt RFS flow table
(rps_sock_flow_table), making RPS/RFS much less effective.

Even in a normal situation, server handling short lived sessions suffer
from bad steering for the first data packet of a session, if another SYN
packet is received for another session.

We do following action in tcp_v4_rcv() :

	sock_rps_save_rxhash(sk, skb->rxhash);

We should _not_ do this if sk is a LISTEN socket, as about each
packet received on a LISTEN socket has a different rxhash than
previous one.
 -> RPS_NO_CPU markers are spread all over rps_sock_flow_table.

Also, it makes sense to protect sk->rxhash field changes with socket
lock (We currently can change it even if user thread owns the lock
and might use rxhash)

This patch moves sock_rps_save_rxhash() to a sock locked section,
and only for non LISTEN sockets.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 536e00e5

net/ipv4/tcp_ipv4.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -1555,6 +1555,7 @@ int tcp_v4_do_rcv(struct sock sk, struct sk_buff skb)
		#endif

		if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		sock_rps_save_rxhash(sk, skb->rxhash);
		TCP_CHECK_TIMER(sk);
		if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
		rsk = sk;
		@@ -1579,7 +1580,9 @@ int tcp_v4_do_rcv(struct sock sk, struct sk_buff skb)
		}
		return 0;
		}
		}
		} else
		sock_rps_save_rxhash(sk, skb->rxhash);


		TCP_CHECK_TIMER(sk);
		if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
		@@ -1672,8 +1675,6 @@ process:

		skb->dev = NULL;

		sock_rps_save_rxhash(sk, skb->rxhash);

		bh_lock_sock_nested(sk);
		ret = 0;
		if (!sock_owned_by_user(sk)) {

Admin message