On Fri, Dec 01, 2017 at 09:26:46AM -0800, Eric Dumazet wrote:
> On Thu, 2017-11-30 at 15:23 -0800, Martin KaFai Lau wrote:
> > The current listener hashtable is hashed by port only.
> > When a process is listening at many IP addresses with the same port
> > (e.g.
> > [IP1]:443, [IP2]:443... [IPN]:443), the inet[6]_lookup_listener()
> > performance is degraded to a link list. It is prone to syn attack.
> >
> >
>
> ...
>
> > diff --git a/include/net/inet_hashtables.h
> > b/include/net/inet_hashtables.h
> > index 4cce516c41ac..ebce55d694e7 100644
> > --- a/include/net/inet_hashtables.h
> > +++ b/include/net/inet_hashtables.h
> > @@ -152,8 +152,19 @@ struct inet_hashinfo {
> > */
> > struct inet_listen_hashbucket listening_hash[INET_LHT
> > ABLE_SIZE]
> > ____cacheline_aligned_in_smp
> > ;
> > + struct inet_listen_hashbucket *lhash2;
> > + unsigned int lhash2_mask;
> > };
> >
>
> Please move these two fields before listening_hash[], to avoid adding
> another cache line to "struct inet_hashinfo"
>
> ( We have a 16-byte hole there, so lets use it ;) )
Oops. Indeed. Thanks for pointing it out.
