Re: patch for caching TCP options with syncookies
you are correct that memory is allocated on a syn with this patch. however, instead of using a large open_request struct and the other resources necessary to track the connection's state, a struct of size 20 B is allocated and stored in a hash table using the ISN (syn_cookie value) as the index into this hash table. the struct caches the window_scale, timestamp, and sack options. it is based on how bsd handles a syn_flood, using a syn_cache in conjunction with syn_cookies.

jensen

--- John Heffner <[EMAIL PROTECTED]> wrote:

> jensen galan wrote:
> > greetings!
> >
> > this is my first creation of a patch for the linux
> > kernel. if you have time, could you please take a look
> > at it and give me some feedback.
> >
> > this patch creates a syn_cache for caching TCP options
> > when syn_cookies are in use (by default, all TCP
> > options are lost when using syncookies).
> >
> > any feedback on the implementation of this cache would
> > also be appreciated.
> >
> > if anybody's interested, i have also written a paper
> > on this project.
> >
> > jensen
>
> It might be good if you could send a link to the paper. The point of
> syncookies is to allocate zero state on a syn (storing it entirely in
> the ISN). I didn't read the patch that carefully yet, but it looks like
> this is allocating memory on a syn.
>
>   -John
Re: patch for caching TCP options with syncookies
jensen galan wrote:
> greetings!
>
> this is my first creation of a patch for the linux
> kernel. if you have time, could you please take a look
> at it and give me some feedback.
>
> this patch creates a syn_cache for caching TCP options
> when syn_cookies are in use (by default, all TCP
> options are lost when using syncookies).
>
> any feedback on the implementation of this cache would
> also be appreciated.
>
> if anybody's interested, i have also written a paper
> on this project.
>
> jensen

It might be good if you could send a link to the paper. The point of syncookies is to allocate zero state on a syn (storing it entirely in the ISN). I didn't read the patch that carefully yet, but it looks like this is allocating memory on a syn.

  -John
Re: patch for caching TCP options with syncookies
On 3/15/06, jensen galan <[EMAIL PROTECTED]> wrote:
> greetings!
>
> this is my first creation of a patch for the linux
> kernel. if you have time, could you please take a look
> at it and give me some feedback.
>
> this patch creates a syn_cache for caching TCP options
> when syn_cookies are in use (by default, all TCP
> options are lost when using syncookies).
>
> any feedback on the implementation of this cache would
> also be appreciated.

Interesting, but...

> if anybody's interested, i have also written a paper
> on this project.
>
> jensen
>
>
> diff -Naur linux-2.6.11.11/include/net/tcp.h
> linux_new-2.6.11.11/include/net/tcp.h

... can you please update your patch to the latest kernel tree? Preferably David Miller's net-2.6.17 git tree, available at www.kernel.org/git. You'll notice some differences :-)

Then repost and we can continue the discussion as I'll probably do some work in this area to support DCCP's Init Cookies.

Thanks,

- Arnaldo
patch for caching TCP options with syncookies
greetings! this is my first creation of a patch for the linux kernel. if you have time, could you please take a look at it and give me some feedback. this patch creates a syn_cache for caching TCP options when syn_cookies are in use (by default, all TCP options are lost when using syncookies). any feedback on the implementation of this cache would also be appreciated. if anybody's interested, i have also written a paper on this project. jensen diff -Naur linux-2.6.11.11/include/net/tcp.h linux_new-2.6.11.11/include/net/tcp.h --- linux-2.6.11.11/include/net/tcp.h 2005-05-27 05:06:46.0 + +++ linux_new-2.6.11.11/include/net/tcp.h 2006-03-15 07:21:39.0 + @@ -669,6 +669,32 @@ } af; }; +/* added struct for caching syn_options */ +struct syn_opt { + struct hlist_node hentry; + __u32 isn_key; + unsigned long expires; + __u8snd_wscale : 4, + tstamp_ok : 1, + sack_ok : 1, + wscale_ok : 1; +}; + +struct syn_hash_bucket { + rwlock_t lock; + struct hlist_head chain; + __u8size; +}; + +extern struct syn_hash_bucket *syn_hasht; +extern struct timer_list synhashtimer; + +/* + * change these values to increase (or decrease) the SYNHASH size + */ +#define SYNHASH_SIZE 512 +#define SYNHASH_BUCKET 30 + /* SLAB cache for open requests. */ extern kmem_cache_t *tcp_openreq_cachep; @@ -681,6 +707,12 @@ tcp_openreq_fastfree(req); } +/* SLAB cache for syn_opt. */ +extern kmem_cache_t *syn_opt_cachep; + +#define syn_opt_alloc() kmem_cache_alloc(syn_opt_cachep, SLAB_ATOMIC) +#define syn_opt_fastfree(syn_req) kmem_cache_free(syn_opt_cachep, syn_req) + #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) #define TCP_INET_FAMILY(fam) ((fam) == AF_INET) #else diff -Naur linux-2.6.11.11/net/ipv4/syncookies.c linux_new-2.6.11.11/net/ipv4/syncookies.c --- linux-2.6.11.11/net/ipv4/syncookies.c 2005-05-27 05:06:46.0 + +++ linux_new-2.6.11.11/net/ipv4/syncookies.c 2006-03-15 07:22:34.0 + @@ -19,6 +19,7 @@ #include #include #include +#include extern int sysctl_tcp_syncookies; 
@@ -121,6 +122,9 @@ int mss; struct rtable *rt; __u8 rcv_wscale; + struct syn_opt *tmp, *found; + struct hlist_node *pos; + int n; // key for hash table if (!sysctl_tcp_syncookies || !skb->h.th->ack) goto out; @@ -162,11 +166,38 @@ } } - req->snd_wscale = req->rcv_wscale = req->tstamp_ok = 0; - req->wscale_ok = req->sack_ok = 0; + /* look up cached syn options in hash table */ + n = cookie % SYNHASH_SIZE; + read_lock(&syn_hasht[n].lock); + hlist_for_each_entry(tmp, pos, &syn_hasht[n].chain, hentry) { + if (cookie == tmp->isn_key) { + if (!(time_after(jiffies, tmp->expires))) { + found = tmp; + break; + } + // FOUND COOKIE, BUT EXPIRED + else { + found = NULL; + break; + } + } + } + read_unlock(&syn_hasht[n].lock); + + /* must check if found exists. may have expired */ + if (found) { + req->snd_wscale = found->snd_wscale; + req->tstamp_ok = found->tstamp_ok; + req->wscale_ok = found->wscale_ok; + req->sack_ok= found->sack_ok; + } + else { + req->snd_wscale = req->rcv_wscale = req->tstamp_ok = 0; + req->wscale_ok = req->sack_ok = 0; + } req->expires= 0UL; req->retrans= 0; - + /* * We need to lookup the route here to get at the correct * window size. We should better make sure that the window size @@ -194,8 +225,10 @@ req->window_clamp = dst_metric(&rt->u.dst, RTAX_WINDOW); tcp_select_initial_window(tcp_full_space(sk), req->mss, &req->rcv_wnd, &req->window_clamp, - 0, &rcv_wscale); + req->wscale_ok, &rcv_wscale); + /* BTW win scale with syncookies is 0 by definition */ + /* this is not true with syn_cache */ req->rcv_wscale = rcv_wscale; ret = get_cookie_sock(sk, skb, req, &rt->u.dst); diff -Naur linux-2.6.11.11/net/ipv4/tcp.c linux_new-2.6.11.11/net/ipv4/tcp.c --- linux-2.6.11.11/net/ipv4/tcp.c 2005-05-27 05:06:46.0 + +++ linux_new-2.6.11.11/net/ipv4/tcp.c 2006-03-15 07:21:59.0 + @@ -257,6 +257,7 @@ #include #include #include +#include #include #include @@ -272,9 +273,13 @@ DEFINE_SNMP_STAT(struct tcp_mib, tcp_statistics); kmem_cache_t *tcp_openreq_cac
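Review bot: In the first include/net/tcp.h hunk (@@ -669,6 +669,32 @@), the comment above SYNHASH_SIZE and SYNHASH_BUCKET says only that the values can be changed; it does not say what SYNHASH_BUCKET limits or how it relates to the `__u8 size` field of struct syn_hash_bucket. Because this table holds state created by SYNs, please document the per-bucket limit and what happens to a SYN whose bucket is already full, and note that a `__u8 size` caps SYNHASH_BUCKET at 255.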
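Review bot: syn_opt_alloc() in the second include/net/tcp.h hunk (@@ -681,6 +707,12 @@) allocates with SLAB_ATOMIC, so it can return NULL, and the caller is not in the visible part of the patch. Please confirm the SYN path checks the result and falls back to the existing option-less syncookie behaviour instead of dereferencing it. A static inline in place of the syn_opt_fastfree(syn_req) macro would also give type checking on the struct syn_opt pointer.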
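Review bot: In the net/ipv4/syncookies.c lookup hunk (@@ -162,11 +166,38 @@), `found` is tested with `if (found)` but is only assigned when a chain entry matches the cookie, and its declaration `struct syn_opt *tmp, *found;` has no initializer, so a cache miss reads an uninitialized pointer; initialize it to NULL. The fields of `found` are also read after read_unlock(&syn_hasht[n].lock), and nothing visible keeps the entry alive past the unlock (the header declares synhashtimer and syn_opt_fastfree), so copy snd_wscale, tstamp_ok, wscale_ok and sack_ok into req while the read lock is still held. The `//` comments and the whitespace-only change after `req->retrans= 0;` should be dropped as well.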
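Review bot: In the @@ -194,8 +225,10 @@ hunk of net/ipv4/syncookies.c, the old comment "BTW win scale with syncookies is 0 by definition" is kept and then contradicted by the added "this is not true with syn_cache" line; replace the pair with a single comment stating when rcv_wscale can be non-zero. Since req->wscale_ok is only set from a live cache entry in the preceding hunk, it would help to say here that a cache miss or an expired entry still yields a zero window scale.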