linux/net/core
Willem de Bruijn 99bbc70741 rps: selective flow shedding during softnet overflow
A cpu executing the network receive path sheds packets when its input
queue grows to netdev_max_backlog. A single high rate flow (such as a
spoofed source DoS) can exceed a single cpu processing rate and will
degrade throughput of other flows hashed onto the same cpu.

This patch adds a more fine grained hashtable. If the netdev backlog
is above a threshold, IRQ cpus track the ratio of total traffic of
each flow (using 4096 buckets, configurable). The ratio is measured
by counting the number of packets per flow over the last 256 packets
from the source cpu. Any flow that occupies a large fraction of this
(set at 50%) will see packet drop while above the threshold.

Tested:
Setup is a muli-threaded UDP echo server with network rx IRQ on cpu0,
kernel receive (RPS) on cpu0 and application threads on cpus 2--7
each handling 20k req/s. Throughput halves when hit with a 400 kpps
antagonist storm. With this patch applied, antagonist overload is
dropped and the server processes its complete load.

The patch is effective when kernel receive processing is the
bottleneck. The above RPS scenario is a extreme, but the same is
reached with RFS and sufficient kernel processing (iptables, packet
socket tap, ..).

Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-20 13:48:04 -07:00
..
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
dev_addr_lists.c net: add dev_uc_sync_multiple() and dev_mc_sync_multiple() api 2013-04-15 16:10:47 -04:00
dev_ioctl.c net: move ioctl functions into a separated file 2013-02-18 12:27:32 -05:00
dev.c rps: selective flow shedding during softnet overflow 2013-05-20 13:48:04 -07:00
drop_monitor.c drop_monitor: dont sleep in atomic context 2012-06-04 11:42:01 -04:00
dst.c net: add skb_dst_set_noref_force 2013-04-02 00:22:53 +02:00
ethtool.c net: vlan,ethtool: netdev_features_t is more than 32 bit 2013-05-02 13:58:12 -04:00
fib_rules.c rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
filter.c filter: add ANC_PAY_OFFSET instruction for loading payload start offset 2013-03-20 13:15:45 -04:00
flow_dissector.c net: flow_dissector: add __skb_get_poff to get a start offset to payload 2013-03-20 13:15:45 -04:00
flow.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-01 13:36:50 -04:00
gen_estimator.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
gen_stats.c gen_stats: Stop using NLA_PUT*(). 2012-04-02 04:33:44 -04:00
iovec.c net: get rid of some pointless casts to sockaddr 2012-03-11 19:11:22 -07:00
link_watch.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
Makefile net: move procfs code to net/core/net-procfs.c 2013-02-19 00:51:10 -05:00
neighbour.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
net_namespace.c proc: Split the namespace stuff out into linux/proc_ns.h 2013-05-01 17:29:39 -04:00
net-procfs.c rps: selective flow shedding during softnet overflow 2013-05-20 13:48:04 -07:00
net-sysfs.c rps_dev_flow_table_release(): no need to delay vfree() 2013-05-06 11:06:51 -04:00
net-sysfs.h
net-traces.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
netevent.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
netpoll.c netpoll: inverted down_trylock() test 2013-05-06 11:06:52 -04:00
netprio_cgroup.c Revert "netprio_cgroup: make local table static" 2013-04-12 03:06:44 -04:00
pktgen.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
request_sock.c tcp: fix a panic on UP machines in reqsk_fastopen_remove 2013-01-14 18:10:05 -05:00
rtnetlink.c net: fix address check in rtnl_fdb_del 2013-04-25 04:14:08 -04:00
scm.c netprio_cgroup: remove task_struct parameter from sock_update_netprio() 2013-04-09 13:19:37 -04:00
secure_seq.c net: defer net_secret[] initialization 2013-04-29 15:14:02 -04:00
skbuff.c packet: tx timestamping on tpacket ring 2013-04-25 01:22:22 -04:00
sock_diag.c sock_diag: allow to dump bpf filters 2013-04-29 13:21:30 -04:00
sock.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
stream.c
sysctl_net_core.c rps: selective flow shedding during softnet overflow 2013-05-20 13:48:04 -07:00
timestamping.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
user_dma.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
utils.c net: core: let's use native isxdigit instead of custom 2013-03-27 12:48:32 -04:00