diff options
author | Neil Horman <nhorman@tuxdriver.com> | 2008-10-27 12:28:25 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-10-27 17:06:14 -0700 |
commit | 1080d709fb9d8cd4392f93476ee46a9d6ea05a5b (patch) | |
tree | b87a162b10d98f7d44657d7c9a98bbc7385159fd /security/security.c | |
parent | 1d63e726408dfdb3e10ed8f00c383b30ebb333d3 (diff) |
net: implement emergency route cache rebulds when gc_elasticity is exceeded
This is a patch to provide on demand route cache rebuilding. Currently, our
route cache is rebulid periodically regardless of need. This introduced
unneeded periodic latency. This patch offers a better approach. Using code
provided by Eric Dumazet, we compute the standard deviation of the average hash
bucket chain length while running rt_check_expire. Should any given chain
length grow to larger that average plus 4 standard deviations, we trigger an
emergency hash table rebuild for that net namespace. This allows for the common
case in which chains are well behaved and do not grow unevenly to not incur any
latency at all, while those systems (which may be being maliciously attacked),
only rebuild when the attack is detected. This patch take 2 other factors into
account:
1) chains with multiple entries that differ by attributes that do not affect the
hash value are only counted once, so as not to unduly bias system to rebuilding
if features like QOS are heavily used
2) if rebuilding crosses a certain threshold (which is adjustable via the added
sysctl in this patch), route caching is disabled entirely for that net
namespace, since constant rebuilding is less efficient that no caching at all
Tested successfully by me.
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/security.c')
0 files changed, 0 insertions, 0 deletions