diff options
author | Eric Dumazet <edumazet@google.com> | 2013-02-21 07:18:52 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-02-21 18:15:58 -0500 |
commit | 08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664 (patch) | |
tree | fc1d00005fda323296b93064416d255b81fdab73 /include/net | |
parent | 0ab8a9f5fa94ac625c1f19acc48db299416c6d49 (diff) |
ipv6: use a stronger hash for tcp
It looks like its possible to open thousands of TCP IPv6
sessions on a server, all landing in a single slot of TCP hash
table. Incoming packets have to lookup sockets in a very
long list.
We should hash all bits from foreign IPv6 addresses, using
a salt and hash mix, not a simple XOR.
inet6_ehashfn() can also separately use the ports, instead
of xoring them.
Reported-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/inet6_hashtables.h | 8 | ||||
-rw-r--r-- | include/net/inet_sock.h | 1 | ||||
-rw-r--r-- | include/net/ipv6.h | 12 |
3 files changed, 17 insertions, 4 deletions
diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h index 7ca75cbbf75e..fd4ee016ba5c 100644 --- a/include/net/inet6_hashtables.h +++ b/include/net/inet6_hashtables.h | |||
@@ -28,16 +28,16 @@ | |||
28 | 28 | ||
29 | struct inet_hashinfo; | 29 | struct inet_hashinfo; |
30 | 30 | ||
31 | /* I have no idea if this is a good hash for v6 or not. -DaveM */ | ||
32 | static inline unsigned int inet6_ehashfn(struct net *net, | 31 | static inline unsigned int inet6_ehashfn(struct net *net, |
33 | const struct in6_addr *laddr, const u16 lport, | 32 | const struct in6_addr *laddr, const u16 lport, |
34 | const struct in6_addr *faddr, const __be16 fport) | 33 | const struct in6_addr *faddr, const __be16 fport) |
35 | { | 34 | { |
36 | u32 ports = (lport ^ (__force u16)fport); | 35 | u32 ports = (((u32)lport) << 16) | (__force u32)fport; |
37 | 36 | ||
38 | return jhash_3words((__force u32)laddr->s6_addr32[3], | 37 | return jhash_3words((__force u32)laddr->s6_addr32[3], |
39 | (__force u32)faddr->s6_addr32[3], | 38 | ipv6_addr_jhash(faddr), |
40 | ports, inet_ehash_secret + net_hash_mix(net)); | 39 | ports, |
40 | inet_ehash_secret + net_hash_mix(net)); | ||
41 | } | 41 | } |
42 | 42 | ||
43 | static inline int inet6_sk_ehashfn(const struct sock *sk) | 43 | static inline int inet6_sk_ehashfn(const struct sock *sk) |
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h index a4196cbc84ec..7235ae73a1e8 100644 --- a/include/net/inet_sock.h +++ b/include/net/inet_sock.h | |||
@@ -203,6 +203,7 @@ static inline void inet_sk_copy_descendant(struct sock *sk_to, | |||
203 | extern int inet_sk_rebuild_header(struct sock *sk); | 203 | extern int inet_sk_rebuild_header(struct sock *sk); |
204 | 204 | ||
205 | extern u32 inet_ehash_secret; | 205 | extern u32 inet_ehash_secret; |
206 | extern u32 ipv6_hash_secret; | ||
206 | extern void build_ehash_secret(void); | 207 | extern void build_ehash_secret(void); |
207 | 208 | ||
208 | static inline unsigned int inet_ehashfn(struct net *net, | 209 | static inline unsigned int inet_ehashfn(struct net *net, |
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 851d5412a299..64d12e77719a 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
@@ -15,6 +15,7 @@ | |||
15 | 15 | ||
16 | #include <linux/ipv6.h> | 16 | #include <linux/ipv6.h> |
17 | #include <linux/hardirq.h> | 17 | #include <linux/hardirq.h> |
18 | #include <linux/jhash.h> | ||
18 | #include <net/if_inet6.h> | 19 | #include <net/if_inet6.h> |
19 | #include <net/ndisc.h> | 20 | #include <net/ndisc.h> |
20 | #include <net/flow.h> | 21 | #include <net/flow.h> |
@@ -514,6 +515,17 @@ static inline u32 ipv6_addr_hash(const struct in6_addr *a) | |||
514 | #endif | 515 | #endif |
515 | } | 516 | } |
516 | 517 | ||
518 | /* more secured version of ipv6_addr_hash() */ | ||
519 | static inline u32 ipv6_addr_jhash(const struct in6_addr *a) | ||
520 | { | ||
521 | u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1]; | ||
522 | |||
523 | return jhash_3words(v, | ||
524 | (__force u32)a->s6_addr32[2], | ||
525 | (__force u32)a->s6_addr32[3], | ||
526 | ipv6_hash_secret); | ||
527 | } | ||
528 | |||
517 | static inline bool ipv6_addr_loopback(const struct in6_addr *a) | 529 | static inline bool ipv6_addr_loopback(const struct in6_addr *a) |
518 | { | 530 | { |
519 | #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 | 531 | #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 |