linux/include/net/fq.h


/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Copyright (c) 2016 Qualcomm Atheros, Inc
*
* Based on net/sched/sch_fq_codel.c
*/
#ifndef __NET_SCHED_FQ_H
#define __NET_SCHED_FQ_H
struct fq_tin;
/**
 * struct fq_flow - per traffic flow queue
 *
 * @tin: owner of this flow. Used to manage collisions, i.e. when a packet
 *	hashes to an index which points to a flow that is already owned by a
 *	tin other than the one the packet is destined to. In such a case the
 *	implementer must provide a fallback flow
 * @flowchain: can be linked to fq_tin's new_flows or old_flows. Used for DRR++
 *	(deficit round robin) based round robin queuing similar to the one
 *	found in net/sched/sch_fq_codel.c
 * @backlogchain: can be linked to other fq_flow and fq. Used to keep track of
 *	fat flows and efficient head-dropping if packet limit is reached
 * @queue: sk_buff queue to hold packets
 * @backlog: number of bytes pending in the queue. The number of packets can be
 *	found in @queue.qlen
 * @deficit: used for DRR++
 */
struct fq_flow {
	/* Owning tin; compared against the destination tin to detect a collision. */
	struct fq_tin *tin;
	/* Node on one of the owning tin's new_flows/old_flows lists. */
	struct list_head flowchain;
	/* Node on the fat-flow tracking list used for head-dropping. */
	struct list_head backlogchain;
	struct sk_buff_head queue;
	/* Bytes, not packets; the packet count lives in queue.qlen. */
	u32 backlog;
	/* Signed, unlike the u32 counters around it. */
	int deficit;
};
/**
 * struct fq_tin - a logical container of fq_flows
 *
 * Used to group fq_flows into a logical aggregate. DRR++ scheme is used to
 * pull interleaved packets out of the associated flows.
 *
 * @new_flows: linked list of fq_flow (linked through fq_flow.flowchain)
 * @old_flows: linked list of fq_flow (linked through fq_flow.flowchain)
 *
 * The remaining members are not described by this header. Going by their
 * names they are per-tin statistics (queued bytes/packets, over-limit and
 * hash-collision events, flow count, transmitted bytes/packets) -- confirm
 * against the code that updates them before relying on exact semantics.
 */
struct fq_tin {
	struct list_head new_flows;
	struct list_head old_flows;
	/* 32-bit counters below; NOTE(review): presumably statistics -- confirm. */
	u32 backlog_bytes;
	u32 backlog_packets;
	u32 overlimit;
	/* Presumably counts the tin-ownership collisions described for fq_flow.tin. */
	u32 collisions;
	u32 flows;
	u32 tx_bytes;
	u32 tx_packets;
};
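/**
 * struct fq - main container for fair queuing purposes
 *
 * @flows: pointer to fq_flow storage; presumably an array of @flows_cnt
 *	entries indexed by the packet hash (not shown in this header --
 *	confirm against the implementation)
 * @backlogs: linked to fq_flows. Used to maintain fat flows for efficient
 *	head-dropping when @backlog reaches @limit
 * @lock: spinlock; what it protects is not stated in this header
 * @flows_cnt: presumably the number of entries behind @flows -- confirm
 * @perturbation: secret siphash key (siphash_key_t is 128 bits wide);
 *	see the comment on the member
 * @limit: max number of packets that can be queued across all flows
 * @memory_limit: not described here; presumably a cap paired with
 *	@memory_usage -- confirm
 * @memory_usage: not described here -- confirm
 * @quantum: not described here; presumably the DRR++ quantum -- confirm
 * @backlog: number of packets queued across all flows
 * @overlimit: not described here; presumably counts @limit overruns
 * @overmemory: not described here; presumably counts @memory_limit overruns
 * @collisions: not described here; presumably counts the tin-ownership
 *	collisions described for fq_flow.tin
 */
struct fq {
	struct fq_flow *flows;
	struct list_head backlogs;
	spinlock_t lock;
	u32 flows_cnt;
	/*
	 * History recorded on the page for this member: 2019-10-22,
	 * "net/flow_dissector: switch to siphash" (Signed-off-by Eric Dumazet
	 * and David S. Miller; Reported-by Jonathan Berger, Amit Klein and
	 * Benny Pinkas).
	 *
	 * Rationale given by that commit: UDP IPv6 auto flowlabels used a
	 * 32-bit secret (static u32 hashrnd in net/core/flow_dissector.c) and
	 * applied jhash() over fields known by the receivers. The secret is
	 * only set at boot time, so it could be inferred from values sent on
	 * the wire and then used to identify a device and/or user. Changing
	 * the rol32(hash, 16) in ip6_make_flowlabel() was judged a dead end,
	 * and periodically changing the secret (as sch_sfq.c does) could
	 * change the network path of long-lived flows. The commit instead
	 * switches to siphash, a cryptographically strong PRF, as was done in
	 * df453700e8d8 ("inet: switch IP ID generator to siphash"), and notes
	 * that packet schedulers using skb_get_hash_perturb() benefit.
	 * Fixes: b56774163f99, 42240901f7c4, 67800f9b1f4e, cb1ce2ef387b.
	 *
	 * NOTE(review): the key only helps while it stays unpredictable.
	 * This header does not show where it is initialised; confirm that it
	 * is filled from the kernel CSPRNG (e.g. get_random_bytes()) and is
	 * never logged or exported.
	 */
	siphash_key_t perturbation;
	u32 limit;
	u32 memory_limit;
	u32 memory_usage;
	u32 quantum;
	u32 backlog;
	u32 overlimit;
	u32 overmemory;
	u32 collisions;
};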
/*
 * Callback types supplied by the user of this fair-queuing code. Each
 * typedef names a function type (not a pointer type); used as a parameter
 * type it is adjusted to a pointer to that function type.
 */

/*
 * Takes the fq, a tin and a flow and returns a struct sk_buff pointer.
 * NOTE(review): presumably the dequeued packet, with NULL meaning nothing
 * was available -- the NULL convention is not shown here; confirm.
 */
typedef struct sk_buff *fq_tin_dequeue_t(struct fq *,
					 struct fq_tin *,
					 struct fq_flow *flow);
/*
 * Takes the fq, tin, flow and an skb; returns nothing.
 * NOTE(review): presumably takes ownership of the skb and releases it --
 * confirm, since a caller touching the skb afterwards would be a
 * use-after-free.
 */
typedef void fq_skb_free_t(struct fq *,
			   struct fq_tin *,
			   struct fq_flow *,
			   struct sk_buff *);
/*
 * Return %true to filter (drop) the frame.
 * The trailing void * is unnamed; presumably opaque caller context handed
 * back to the filter -- confirm against the caller.
 */
typedef bool fq_skb_filter_t(struct fq *,
			     struct fq_tin *,
			     struct fq_flow *,
			     struct sk_buff *,
			     void *);
/*
 * Returns a struct fq_flow pointer for the given fq, tin, index and skb.
 * NOTE(review): presumably this is how the implementer provides the
 * fallback flow that the fq_flow kernel-doc requires when the hashed flow
 * is owned by a different tin -- confirm; whether @idx is range-checked
 * by the caller is not visible here.
 */
typedef struct fq_flow *fq_flow_get_default_t(struct fq *,
					      struct fq_tin *,
					      int idx,
					      struct sk_buff *);
#endif