aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2013-02-21 07:18:52 -0500
committerDavid S. Miller <davem@davemloft.net>2013-02-21 18:15:58 -0500
commit08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664 (patch)
treefc1d00005fda323296b93064416d255b81fdab73 /include/net
parent0ab8a9f5fa94ac625c1f19acc48db299416c6d49 (diff)
ipv6: use a stronger hash for tcp
It looks like its possible to open thousands of TCP IPv6 sessions on a server, all landing in a single slot of TCP hash table. Incoming packets have to lookup sockets in a very long list. We should hash all bits from foreign IPv6 addresses, using a salt and hash mix, not a simple XOR. inet6_ehashfn() can also separately use the ports, instead of xoring them. Reported-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/inet6_hashtables.h8
-rw-r--r--include/net/inet_sock.h1
-rw-r--r--include/net/ipv6.h12
3 files changed, 17 insertions, 4 deletions
diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h
index 7ca75cbbf75e..fd4ee016ba5c 100644
--- a/include/net/inet6_hashtables.h
+++ b/include/net/inet6_hashtables.h
@@ -28,16 +28,16 @@
28 28
29struct inet_hashinfo; 29struct inet_hashinfo;
30 30
31/* I have no idea if this is a good hash for v6 or not. -DaveM */
32static inline unsigned int inet6_ehashfn(struct net *net, 31static inline unsigned int inet6_ehashfn(struct net *net,
33 const struct in6_addr *laddr, const u16 lport, 32 const struct in6_addr *laddr, const u16 lport,
34 const struct in6_addr *faddr, const __be16 fport) 33 const struct in6_addr *faddr, const __be16 fport)
35{ 34{
36 u32 ports = (lport ^ (__force u16)fport); 35 u32 ports = (((u32)lport) << 16) | (__force u32)fport;
37 36
38 return jhash_3words((__force u32)laddr->s6_addr32[3], 37 return jhash_3words((__force u32)laddr->s6_addr32[3],
39 (__force u32)faddr->s6_addr32[3], 38 ipv6_addr_jhash(faddr),
40 ports, inet_ehash_secret + net_hash_mix(net)); 39 ports,
40 inet_ehash_secret + net_hash_mix(net));
41} 41}
42 42
43static inline int inet6_sk_ehashfn(const struct sock *sk) 43static inline int inet6_sk_ehashfn(const struct sock *sk)
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index a4196cbc84ec..7235ae73a1e8 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -203,6 +203,7 @@ static inline void inet_sk_copy_descendant(struct sock *sk_to,
203extern int inet_sk_rebuild_header(struct sock *sk); 203extern int inet_sk_rebuild_header(struct sock *sk);
204 204
205extern u32 inet_ehash_secret; 205extern u32 inet_ehash_secret;
206extern u32 ipv6_hash_secret;
206extern void build_ehash_secret(void); 207extern void build_ehash_secret(void);
207 208
208static inline unsigned int inet_ehashfn(struct net *net, 209static inline unsigned int inet_ehashfn(struct net *net,
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 851d5412a299..64d12e77719a 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -15,6 +15,7 @@
15 15
16#include <linux/ipv6.h> 16#include <linux/ipv6.h>
17#include <linux/hardirq.h> 17#include <linux/hardirq.h>
18#include <linux/jhash.h>
18#include <net/if_inet6.h> 19#include <net/if_inet6.h>
19#include <net/ndisc.h> 20#include <net/ndisc.h>
20#include <net/flow.h> 21#include <net/flow.h>
@@ -514,6 +515,17 @@ static inline u32 ipv6_addr_hash(const struct in6_addr *a)
514#endif 515#endif
515} 516}
516 517
518/* more secured version of ipv6_addr_hash() */
519static inline u32 ipv6_addr_jhash(const struct in6_addr *a)
520{
521 u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1];
522
523 return jhash_3words(v,
524 (__force u32)a->s6_addr32[2],
525 (__force u32)a->s6_addr32[3],
526 ipv6_hash_secret);
527}
528
517static inline bool ipv6_addr_loopback(const struct in6_addr *a) 529static inline bool ipv6_addr_loopback(const struct in6_addr *a)
518{ 530{
519#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 531#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64