IP defrag processing is one of the remaining problematic layer in linux. It uses static hash tables of 1024 buckets, and up to 128 items per bucket.
A work queue is supposed to garbage collect items when host is under memory pressure, and doing a hash rebuild, changing seed used in hash computations. This work queue blocks softirqs for up to 25 ms when doing a hash rebuild, occurring every 5 seconds if host is under fire. Then there is the problem of sharing this hash table for all netns. It is time to switch to rhashtables, and allocate one of them per netns to speedup netns dismantle, since this is a critical metric these days. Lookup is now using RCU, and 64bit hosts can now provision whatever amount of memory needed to handle the expected workloads. Eric Dumazet (6): ipv6: frag: remove unused field inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: break the 2GB limit for frags storage Documentation/networking/ip-sysctl.txt | 13 +- include/net/inet_frag.h | 134 ++++---- include/net/ip.h | 1 - include/net/ipv6.h | 28 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 140 ++++---- net/ipv4/inet_fragment.c | 404 +++++------------------- net/ipv4/ip_fragment.c | 199 ++++++------ net/ipv4/proc.c | 6 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 96 +++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 182 ++++++----- 12 files changed, 450 insertions(+), 784 deletions(-) -- 2.17.0.rc1.321.gba9d0f2565-goog
