From: Eric Dumazet <eric.dumazet@gmail.com>
To: Yafang Shao <laoar.shao@gmail.com>,
Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
netdev@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH net-next] net: init sk_cookie for inet socket
Date: Tue, 24 Apr 2018 04:41:37 -0700 [thread overview]
Message-ID: <67a158d9-cd33-8c28-39c3-9cead4107205@gmail.com> (raw)
In-Reply-To: <CALOAHbDpgOckQhW7_Ysi-F2HCoZW4RKSdUuvTquELJZsaMj6Lg@mail.gmail.com>
On 04/23/2018 09:39 PM, Yafang Shao wrote:
> On Tue, Apr 24, 2018 at 12:09 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>
>>
>> On 04/23/2018 08:58 AM, David Miller wrote:
>>> From: Yafang Shao <laoar.shao@gmail.com>
>>> Date: Sun, 22 Apr 2018 21:50:04 +0800
>>>
>>>> With sk_cookie we can identify a socket, that is very helpful for
>>>> traceing and statistic, i.e. tcp tracepiont and ebpf.
>>>> So we'd better init it by default for inet socket.
>>>> When using it, we just need call atomic64_read(&sk->sk_cookie).
>>>>
>>>> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
>>>
>>> Applied, thank you.
>>>
>>
>> This is adding yet another atomic_inc on a global cache line.
>>
>
> That's a trade-off.
>
>> Most applications do not need the cookie being ever set.
>>
>> The existing mechanism was fine. Set it on demand.
>
> There are some drawback in the existing mechanism.
> - we have to set the net->cookie_gen and then sk->sk_cookie when we
> want to get the sk_cookie, that's a little expensive as well.
Same cost.
> After that change, sock_gen_cookie() could be replaced by
> atomic64_read(&sk->sk_cookie) in most places.
Same cost than the helper.
>
> - If the application want to get the sk_cookie, it must set it first.
> What if the application don't have the permision to write?
> Furthermore, maybe it is a security concern ?
Maybe ? Please elaborate.
Your patch destroys SYNFLOOD behavior.
I have spent months of work solving the SYNFLOOD behavior, your patch crushes it.
I am not that happy.
Please revert this patch.
Thank you.
next prev parent reply other threads:[~2018-04-24 11:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-22 13:50 [PATCH net-next] net: init sk_cookie for inet socket Yafang Shao
2018-04-23 15:58 ` David Miller
2018-04-23 16:09 ` Eric Dumazet
2018-04-24 4:39 ` Yafang Shao
2018-04-24 11:41 ` Eric Dumazet [this message]
2018-04-24 11:47 ` Yafang Shao
2018-04-24 12:37 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67a158d9-cd33-8c28-39c3-9cead4107205@gmail.com \
--to=eric.dumazet@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=davem@davemloft.net \
--cc=laoar.shao@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.