On Wed, Aug 15, 2018 at 09:21:04PM +0800, Mao Wenan wrote: > From: Eric Dumazet <eduma...@google.com> > > Juha-Matti Tilli reported that malicious peers could inject tiny > packets in out_of_order_queue, forcing very expensive calls > to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for > every incoming packet. out_of_order_queue rb-tree can contain > thousands of nodes, iterating over all of them is not nice. > > Before linux-4.9, we would have pruned all packets in ofo_queue > in one go, every XXXX packets. XXXX depends on sk_rcvbuf and skbs > truesize, but is about 7000 packets with tcp_rmem[2] default of 6 MB. > > Since we plan to increase tcp_rmem[2] in the future to cope with > modern BDP, can not revert to the old behavior, without great pain. > > Strategy taken in this patch is to purge ~12.5 % of the queue capacity. > > Fixes: 36a6503fedda ("tcp: refine tcp_prune_ofo_queue() to not drop all > packets") > Signed-off-by: Eric Dumazet <eduma...@google.com> > Reported-by: Juha-Matti Tilli <juha-matti.ti...@iki.fi> > Acked-by: Yuchung Cheng <ych...@google.com> > Acked-by: Soheil Hassas Yeganeh <soh...@google.com> > Signed-off-by: David S. Miller <da...@davemloft.net> > Signed-off-by: root <root@localhost.localdomain>
root? And commit id? thanks, greg k-h