• Eric Dumazet's avatar
    ipv4: tcp: remove per net tcp_sock · be9f4a44
    Eric Dumazet authored
    tcp_v4_send_reset() and tcp_v4_send_ack() use a single socket
    per network namespace.
    
    This leads to bad behavior on multiqueue NICS, because many cpus
    contend for the socket lock and once socket lock is acquired, extra
    false sharing on various socket fields slow down the operations.
    
    To better resist to attacks, we use a percpu socket. Each cpu can
    run without contention, using appropriate memory (local node)
    
    Additional features :
    
    1) We also mirror the queue_mapping of the incoming skb, so that
    answers use the same queue if possible.
    
    2) Setting SOCK_USE_WRITE_QUEUE socket flag speedup sock_wfree()
    
    3) We now limit the number of in-flight RST/ACK [1] packets
    per cpu, instead of per namespace, and we honor the sysctl_wmem_default
    limit dynamically. (Prior to this patch, sysctl_wmem_default value was
    copied at boot time, so any further change would not affect tcp_sock
    limit)
    
    [1] These packets are only generated when no socket was matched for
    the incoming packet.
    Reported-by: default avatarBill Sommerfeld <wsommerfeld@google.com>
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Cc: Tom Herbert <therbert@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    be9f4a44
ipv4.h 1.89 KB