fa76ce7328
One of the major issue for TCP is the SYNACK rtx handling, done by inet_csk_reqsk_queue_prune(), fired by the keepalive timer of a TCP_LISTEN socket. This function runs for awful long times, with socket lock held, meaning that other cpus needing this lock have to spin for hundred of ms. SYNACK are sent in huge bursts, likely to cause severe drops anyway. This model was OK 15 years ago when memory was very tight. We now can afford to have a timer per request sock. Timer invocations no longer need to lock the listener, and can be run from all cpus in parallel. With following patch increasing somaxconn width to 32 bits, I tested a listener with more than 4 million active request sockets, and a steady SYNFLOOD of ~200,000 SYN per second. Host was sending ~830,000 SYNACK per second. This is ~100 times more what we could achieve before this patch. Later, we will get rid of the listener hash and use ehash instead. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
347 lines
11 KiB
C
347 lines
11 KiB
C
/*
|
|
* NET Generic infrastructure for INET connection oriented protocols.
|
|
*
|
|
* Definitions for inet_connection_sock
|
|
*
|
|
* Authors: Many people, see the TCP sources
|
|
*
|
|
* From code originally in TCP
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
#ifndef _INET_CONNECTION_SOCK_H
|
|
#define _INET_CONNECTION_SOCK_H
|
|
|
|
#include <linux/compiler.h>
|
|
#include <linux/string.h>
|
|
#include <linux/timer.h>
|
|
#include <linux/poll.h>
|
|
|
|
#include <net/inet_sock.h>
|
|
#include <net/request_sock.h>
|
|
|
|
#define INET_CSK_DEBUG 1
|
|
|
|
/* Cancel timers, when they are not required. */
|
|
#undef INET_CSK_CLEAR_TIMERS
|
|
|
|
struct inet_bind_bucket;
|
|
struct tcp_congestion_ops;
|
|
|
|
/*
|
|
* Pointers to address related TCP functions
|
|
* (i.e. things that depend on the address family)
|
|
*/
|
|
struct inet_connection_sock_af_ops {
|
|
int (*queue_xmit)(struct sock *sk, struct sk_buff *skb, struct flowi *fl);
|
|
void (*send_check)(struct sock *sk, struct sk_buff *skb);
|
|
int (*rebuild_header)(struct sock *sk);
|
|
void (*sk_rx_dst_set)(struct sock *sk, const struct sk_buff *skb);
|
|
int (*conn_request)(struct sock *sk, struct sk_buff *skb);
|
|
struct sock *(*syn_recv_sock)(struct sock *sk, struct sk_buff *skb,
|
|
struct request_sock *req,
|
|
struct dst_entry *dst);
|
|
u16 net_header_len;
|
|
u16 net_frag_header_len;
|
|
u16 sockaddr_len;
|
|
int (*setsockopt)(struct sock *sk, int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
int (*getsockopt)(struct sock *sk, int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
#ifdef CONFIG_COMPAT
|
|
int (*compat_setsockopt)(struct sock *sk,
|
|
int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
int (*compat_getsockopt)(struct sock *sk,
|
|
int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
#endif
|
|
void (*addr2sockaddr)(struct sock *sk, struct sockaddr *);
|
|
int (*bind_conflict)(const struct sock *sk,
|
|
const struct inet_bind_bucket *tb, bool relax);
|
|
void (*mtu_reduced)(struct sock *sk);
|
|
};
|
|
|
|
/** inet_connection_sock - INET connection oriented sock
|
|
*
|
|
* @icsk_accept_queue: FIFO of established children
|
|
* @icsk_bind_hash: Bind node
|
|
* @icsk_timeout: Timeout
|
|
* @icsk_retransmit_timer: Resend (no ack)
|
|
* @icsk_rto: Retransmit timeout
|
|
* @icsk_pmtu_cookie Last pmtu seen by socket
|
|
* @icsk_ca_ops Pluggable congestion control hook
|
|
* @icsk_af_ops Operations which are AF_INET{4,6} specific
|
|
* @icsk_ca_state: Congestion control state
|
|
* @icsk_retransmits: Number of unrecovered [RTO] timeouts
|
|
* @icsk_pending: Scheduled timer event
|
|
* @icsk_backoff: Backoff
|
|
* @icsk_syn_retries: Number of allowed SYN (or equivalent) retries
|
|
* @icsk_probes_out: unanswered 0 window probes
|
|
* @icsk_ext_hdr_len: Network protocol overhead (IP/IPv6 options)
|
|
* @icsk_ack: Delayed ACK control data
|
|
* @icsk_mtup; MTU probing control data
|
|
*/
|
|
struct inet_connection_sock {
|
|
/* inet_sock has to be the first member! */
|
|
struct inet_sock icsk_inet;
|
|
struct request_sock_queue icsk_accept_queue;
|
|
struct inet_bind_bucket *icsk_bind_hash;
|
|
unsigned long icsk_timeout;
|
|
struct timer_list icsk_retransmit_timer;
|
|
struct timer_list icsk_delack_timer;
|
|
__u32 icsk_rto;
|
|
__u32 icsk_pmtu_cookie;
|
|
const struct tcp_congestion_ops *icsk_ca_ops;
|
|
const struct inet_connection_sock_af_ops *icsk_af_ops;
|
|
unsigned int (*icsk_sync_mss)(struct sock *sk, u32 pmtu);
|
|
__u8 icsk_ca_state:7,
|
|
icsk_ca_dst_locked:1;
|
|
__u8 icsk_retransmits;
|
|
__u8 icsk_pending;
|
|
__u8 icsk_backoff;
|
|
__u8 icsk_syn_retries;
|
|
__u8 icsk_probes_out;
|
|
__u16 icsk_ext_hdr_len;
|
|
struct {
|
|
__u8 pending; /* ACK is pending */
|
|
__u8 quick; /* Scheduled number of quick acks */
|
|
__u8 pingpong; /* The session is interactive */
|
|
__u8 blocked; /* Delayed ACK was blocked by socket lock */
|
|
__u32 ato; /* Predicted tick of soft clock */
|
|
unsigned long timeout; /* Currently scheduled timeout */
|
|
__u32 lrcvtime; /* timestamp of last received data packet */
|
|
__u16 last_seg_size; /* Size of last incoming segment */
|
|
__u16 rcv_mss; /* MSS used for delayed ACK decisions */
|
|
} icsk_ack;
|
|
struct {
|
|
int enabled;
|
|
|
|
/* Range of MTUs to search */
|
|
int search_high;
|
|
int search_low;
|
|
|
|
/* Information on the current probe. */
|
|
int probe_size;
|
|
|
|
u32 probe_timestamp;
|
|
} icsk_mtup;
|
|
u32 icsk_ca_priv[16];
|
|
u32 icsk_user_timeout;
|
|
#define ICSK_CA_PRIV_SIZE (16 * sizeof(u32))
|
|
};
|
|
|
|
#define ICSK_TIME_RETRANS 1 /* Retransmit timer */
|
|
#define ICSK_TIME_DACK 2 /* Delayed ack timer */
|
|
#define ICSK_TIME_PROBE0 3 /* Zero window probe timer */
|
|
#define ICSK_TIME_EARLY_RETRANS 4 /* Early retransmit timer */
|
|
#define ICSK_TIME_LOSS_PROBE 5 /* Tail loss probe timer */
|
|
|
|
static inline struct inet_connection_sock *inet_csk(const struct sock *sk)
|
|
{
|
|
return (struct inet_connection_sock *)sk;
|
|
}
|
|
|
|
static inline void *inet_csk_ca(const struct sock *sk)
|
|
{
|
|
return (void *)inet_csk(sk)->icsk_ca_priv;
|
|
}
|
|
|
|
struct sock *inet_csk_clone_lock(const struct sock *sk,
|
|
const struct request_sock *req,
|
|
const gfp_t priority);
|
|
|
|
enum inet_csk_ack_state_t {
|
|
ICSK_ACK_SCHED = 1,
|
|
ICSK_ACK_TIMER = 2,
|
|
ICSK_ACK_PUSHED = 4,
|
|
ICSK_ACK_PUSHED2 = 8
|
|
};
|
|
|
|
void inet_csk_init_xmit_timers(struct sock *sk,
|
|
void (*retransmit_handler)(unsigned long),
|
|
void (*delack_handler)(unsigned long),
|
|
void (*keepalive_handler)(unsigned long));
|
|
void inet_csk_clear_xmit_timers(struct sock *sk);
|
|
|
|
static inline void inet_csk_schedule_ack(struct sock *sk)
|
|
{
|
|
inet_csk(sk)->icsk_ack.pending |= ICSK_ACK_SCHED;
|
|
}
|
|
|
|
static inline int inet_csk_ack_scheduled(const struct sock *sk)
|
|
{
|
|
return inet_csk(sk)->icsk_ack.pending & ICSK_ACK_SCHED;
|
|
}
|
|
|
|
static inline void inet_csk_delack_init(struct sock *sk)
|
|
{
|
|
memset(&inet_csk(sk)->icsk_ack, 0, sizeof(inet_csk(sk)->icsk_ack));
|
|
}
|
|
|
|
void inet_csk_delete_keepalive_timer(struct sock *sk);
|
|
void inet_csk_reset_keepalive_timer(struct sock *sk, unsigned long timeout);
|
|
|
|
#ifdef INET_CSK_DEBUG
|
|
extern const char inet_csk_timer_bug_msg[];
|
|
#endif
|
|
|
|
static inline void inet_csk_clear_xmit_timer(struct sock *sk, const int what)
|
|
{
|
|
struct inet_connection_sock *icsk = inet_csk(sk);
|
|
|
|
if (what == ICSK_TIME_RETRANS || what == ICSK_TIME_PROBE0) {
|
|
icsk->icsk_pending = 0;
|
|
#ifdef INET_CSK_CLEAR_TIMERS
|
|
sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
|
|
#endif
|
|
} else if (what == ICSK_TIME_DACK) {
|
|
icsk->icsk_ack.blocked = icsk->icsk_ack.pending = 0;
|
|
#ifdef INET_CSK_CLEAR_TIMERS
|
|
sk_stop_timer(sk, &icsk->icsk_delack_timer);
|
|
#endif
|
|
}
|
|
#ifdef INET_CSK_DEBUG
|
|
else {
|
|
pr_debug("%s", inet_csk_timer_bug_msg);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Reset the retransmission timer
|
|
*/
|
|
static inline void inet_csk_reset_xmit_timer(struct sock *sk, const int what,
|
|
unsigned long when,
|
|
const unsigned long max_when)
|
|
{
|
|
struct inet_connection_sock *icsk = inet_csk(sk);
|
|
|
|
if (when > max_when) {
|
|
#ifdef INET_CSK_DEBUG
|
|
pr_debug("reset_xmit_timer: sk=%p %d when=0x%lx, caller=%p\n",
|
|
sk, what, when, current_text_addr());
|
|
#endif
|
|
when = max_when;
|
|
}
|
|
|
|
if (what == ICSK_TIME_RETRANS || what == ICSK_TIME_PROBE0 ||
|
|
what == ICSK_TIME_EARLY_RETRANS || what == ICSK_TIME_LOSS_PROBE) {
|
|
icsk->icsk_pending = what;
|
|
icsk->icsk_timeout = jiffies + when;
|
|
sk_reset_timer(sk, &icsk->icsk_retransmit_timer, icsk->icsk_timeout);
|
|
} else if (what == ICSK_TIME_DACK) {
|
|
icsk->icsk_ack.pending |= ICSK_ACK_TIMER;
|
|
icsk->icsk_ack.timeout = jiffies + when;
|
|
sk_reset_timer(sk, &icsk->icsk_delack_timer, icsk->icsk_ack.timeout);
|
|
}
|
|
#ifdef INET_CSK_DEBUG
|
|
else {
|
|
pr_debug("%s", inet_csk_timer_bug_msg);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
static inline unsigned long
|
|
inet_csk_rto_backoff(const struct inet_connection_sock *icsk,
|
|
unsigned long max_when)
|
|
{
|
|
u64 when = (u64)icsk->icsk_rto << icsk->icsk_backoff;
|
|
|
|
return (unsigned long)min_t(u64, when, max_when);
|
|
}
|
|
|
|
struct sock *inet_csk_accept(struct sock *sk, int flags, int *err);
|
|
|
|
struct request_sock *inet_csk_search_req(struct sock *sk,
|
|
const __be16 rport,
|
|
const __be32 raddr,
|
|
const __be32 laddr);
|
|
int inet_csk_bind_conflict(const struct sock *sk,
|
|
const struct inet_bind_bucket *tb, bool relax);
|
|
int inet_csk_get_port(struct sock *sk, unsigned short snum);
|
|
|
|
struct dst_entry *inet_csk_route_req(struct sock *sk, struct flowi4 *fl4,
|
|
const struct request_sock *req);
|
|
struct dst_entry *inet_csk_route_child_sock(struct sock *sk, struct sock *newsk,
|
|
const struct request_sock *req);
|
|
|
|
static inline void inet_csk_reqsk_queue_add(struct sock *sk,
|
|
struct request_sock *req,
|
|
struct sock *child)
|
|
{
|
|
reqsk_queue_add(&inet_csk(sk)->icsk_accept_queue, req, sk, child);
|
|
}
|
|
|
|
void inet_csk_reqsk_queue_hash_add(struct sock *sk, struct request_sock *req,
|
|
unsigned long timeout);
|
|
|
|
static inline void inet_csk_reqsk_queue_removed(struct sock *sk,
|
|
struct request_sock *req)
|
|
{
|
|
reqsk_queue_removed(&inet_csk(sk)->icsk_accept_queue, req);
|
|
}
|
|
|
|
static inline void inet_csk_reqsk_queue_added(struct sock *sk,
|
|
const unsigned long timeout)
|
|
{
|
|
reqsk_queue_added(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline int inet_csk_reqsk_queue_len(const struct sock *sk)
|
|
{
|
|
return reqsk_queue_len(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
|
|
{
|
|
return reqsk_queue_len_young(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
|
|
{
|
|
return reqsk_queue_is_full(&inet_csk(sk)->icsk_accept_queue);
|
|
}
|
|
|
|
static inline void inet_csk_reqsk_queue_unlink(struct sock *sk,
|
|
struct request_sock *req)
|
|
{
|
|
reqsk_queue_unlink(&inet_csk(sk)->icsk_accept_queue, req);
|
|
}
|
|
|
|
static inline void inet_csk_reqsk_queue_drop(struct sock *sk,
|
|
struct request_sock *req)
|
|
{
|
|
inet_csk_reqsk_queue_unlink(sk, req);
|
|
inet_csk_reqsk_queue_removed(sk, req);
|
|
reqsk_put(req);
|
|
}
|
|
|
|
void inet_csk_destroy_sock(struct sock *sk);
|
|
void inet_csk_prepare_forced_close(struct sock *sk);
|
|
|
|
/*
|
|
* LISTEN is a special case for poll..
|
|
*/
|
|
static inline unsigned int inet_csk_listen_poll(const struct sock *sk)
|
|
{
|
|
return !reqsk_queue_empty(&inet_csk(sk)->icsk_accept_queue) ?
|
|
(POLLIN | POLLRDNORM) : 0;
|
|
}
|
|
|
|
int inet_csk_listen_start(struct sock *sk, const int nr_table_entries);
|
|
void inet_csk_listen_stop(struct sock *sk);
|
|
|
|
void inet_csk_addr2sockaddr(struct sock *sk, struct sockaddr *uaddr);
|
|
|
|
int inet_csk_compat_getsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
int inet_csk_compat_setsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
|
|
struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu);
|
|
#endif /* _INET_CONNECTION_SOCK_H */
|