
ipv4: Namespaceify tcp_max_syn_backlog knob

Applications in different namespaces might require a different maximum
number of remembered connection requests.

Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Haishuang Yan and committed by
David S. Miller
fee83d09 1946e672

+16 -18
+1
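--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -122,6 +122,7 @@
 unsigned int sysctl_tcp_notsent_lowat;
 int sysctl_tcp_tw_reuse;
 struct inet_timewait_death_row tcp_death_row;
+int sysctl_max_syn_backlog;
 
 int sysctl_igmp_max_memberships;
 int sysctl_igmp_max_msf;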
+1 -3
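--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -1,7 +1,7 @@
 /*
 * NET Generic infrastructure for Network protocols.
 *
-* Definitions for request_sock
+* Definitions for request_sock
 *
 * Authors: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
 *
@@ -122,8 +122,6 @@
 if (atomic_dec_and_test(&req->rsk_refcnt))
 reqsk_free(req);
 }
-
-extern int sysctl_max_syn_backlog;
 
 /*
 * For a TCP Fast Open listener -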
-2
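--- a/net/core/request_sock.c
+++ b/net/core/request_sock.c
@@ -34,8 +34,6 @@
 * and it will increase in proportion to the memory of machine.
 * Note : Dont forget somaxconn that may limit backlog too.
 */
-int sysctl_max_syn_backlog = 256;
-EXPORT_SYMBOL(sysctl_max_syn_backlog);
 
 void reqsk_queue_alloc(struct request_sock_queue *queue)
 {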
+7 -7
net/ipv4/sysctl_net_ipv4.c
··· 324 324 .proc_handler = proc_dointvec 325 325 }, 326 326 { 327 - .procname = "tcp_max_syn_backlog", 328 - .data = &sysctl_max_syn_backlog, 329 - .maxlen = sizeof(int), 330 - .mode = 0644, 331 - .proc_handler = proc_dointvec 332 - }, 333 - { 334 327 .procname = "inet_peer_threshold", 335 328 .data = &inet_peer_threshold, 336 329 .maxlen = sizeof(int), ··· 949 956 { 950 957 .procname = "tcp_tw_recycle", 951 958 .data = &init_net.ipv4.tcp_death_row.sysctl_tw_recycle, 959 + .maxlen = sizeof(int), 960 + .mode = 0644, 961 + .proc_handler = proc_dointvec 962 + }, 963 + { 964 + .procname = "tcp_max_syn_backlog", 965 + .data = &init_net.ipv4.sysctl_max_syn_backlog, 952 966 .maxlen = sizeof(int), 953 967 .mode = 0644, 954 968 .proc_handler = proc_dointvec
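Review bot: The re-added `tcp_max_syn_backlog` entry in the second hunk keeps `proc_dointvec` on a signed `int` with no bounds, so zero or a negative value is accepted. The tcp_input.c check on this page compares `max_syn_backlog - queue_len` with `max_syn_backlog >> 2`, and with a non-positive value that comparison holds whenever the queue is non-empty, so with syncookies off requests from unproven peers would be dropped. Now that the knob sits in the per-namespace table and is presumably writable from inside each network namespace, I would switch to `.proc_handler = proc_dointvec_minmax` with an `.extra1` lower bound. The table's opening and closing lie outside the hunk.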
-2
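--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3378,9 +3378,7 @@
 
 
 cnt = tcp_hashinfo.ehash_mask + 1;
-
 sysctl_tcp_max_orphans = cnt / 2;
-sysctl_max_syn_backlog = max(128, cnt / 256);
 
 tcp_init_mem();
 /* Set per-socket limits to no more than 1/128 the pressure threshold */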
+2 -2
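--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6377,8 +6377,8 @@
 }
 /* Kill the following clause, if you dislike this way. */
 else if (!net->ipv4.sysctl_tcp_syncookies &&
-(sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
-(sysctl_max_syn_backlog >> 2)) &&
+(net->ipv4.sysctl_max_syn_backlog - inet_csk_reqsk_queue_len(sk) <
+(net->ipv4.sysctl_max_syn_backlog >> 2)) &&
 !tcp_peer_is_proven(req, dst, false,
 tmp_opt.saw_tstamp)) {
 /* Without syncookies last quarter of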
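Review bot: The new condition reads `net->ipv4.sysctl_max_syn_backlog` twice with plain loads, so a concurrent sysctl write can make the subtraction and the `>> 2` threshold use different values. Reading it once, `int max_syn_backlog = READ_ONCE(net->ipv4.sysctl_max_syn_backlog);`, and using that local in both places keeps the drop decision self-consistent. This matters more after the change because the knob is presumably writable from inside each network namespace rather than only by the host administrator. The enclosing function starts and ends outside this hunk.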
+5 -2
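--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2419,7 +2419,7 @@
 
 static int __net_init tcp_sk_init(struct net *net)
 {
-int res, cpu;
+int res, cpu, cnt;
 
 net->ipv4.tcp_sk = alloc_percpu(struct sock *);
 if (!net->ipv4.tcp_sk)
@@ -2458,9 +2458,12 @@
 net->ipv4.sysctl_tcp_notsent_lowat = UINT_MAX;
 net->ipv4.sysctl_tcp_tw_reuse = 0;
 
+cnt = tcp_hashinfo.ehash_mask + 1;
 net->ipv4.tcp_death_row.sysctl_tw_recycle = 0;
-net->ipv4.tcp_death_row.sysctl_max_tw_buckets = (tcp_hashinfo.ehash_mask + 1) / 2;
+net->ipv4.tcp_death_row.sysctl_max_tw_buckets = (cnt + 1) / 2;
 net->ipv4.tcp_death_row.hashinfo = &tcp_hashinfo;
+
+net->ipv4.sysctl_max_syn_backlog = max(128, cnt / 256);
 
 return 0;
 fail: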
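Review bot: In the second hunk `sysctl_max_tw_buckets` is now computed as `(cnt + 1) / 2`, but `cnt` already holds `tcp_hashinfo.ehash_mask + 1`, so the `+ 1` is applied twice. Integer division hides this as long as `cnt` is even (presumably a power of two), but the expression no longer says what it means; `net->ipv4.tcp_death_row.sysctl_max_tw_buckets = cnt / 2;` matches the line it replaced. Separately, each new namespace gets `max(128, cnt / 256)` from the global hash size rather than the value configured in init_net, so host-side tuning of the backlog does not carry into new namespaces; a one-line comment above the assignment saying so would help. tcp_sk_init's body continues outside both hunks.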