kernel_optimize_test/include/net
Hannes Frederic Sowa df4d92549f ipv4: try to cache dst_entries which would cause a redirect
Not caching dst_entries which cause redirects could be exploited by hosts
on the same subnet, causing a severe DoS attack. This effect aggravated
since commit f886497212 ("ipv4: fix dst race in sk_dst_get()").

Lookups causing redirects will be allocated with DST_NOCACHE set which
will force dst_release to free them via RCU.  Unfortunately waiting for
RCU grace period just takes too long, we can end up with >1M dst_entries
waiting to be released and the system will run OOM. rcuos threads cannot
catch up under high softirq load.

Attaching the flag to emit a redirect later on to the specific skb allows
us to cache those dst_entries thus reducing the pressure on allocation
and deallocation.

This issue was discovered by Marcelo Leitner.

Cc: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Marcelo Leitner <mleitner@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-26 17:28:27 -08:00
..
9p net/9p: remove a comment about pref member which doesn't exist 2014-11-06 14:59:19 -05:00
bluetooth Merge branch 'for-davem-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-12-10 13:17:23 -05:00
caif
irda irda: Convert function pointer arrays and uses to const 2014-12-10 15:33:16 -05:00
iucv
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-12-11 14:27:06 -08:00
netns xfrm: Do not hash socket policies 2014-11-13 11:25:03 +01:00
nfc NFC: hci: Add specific hci macro to not create a pipe 2014-12-02 22:48:13 +01:00
phonet
sctp switch sctp_user_addto_chunk() and sctp_datamsg_from_user() to passing iov_iter 2014-11-24 05:16:40 -05:00
tc_act tc_vlan: fix type of tcfv_push_vid 2014-11-24 16:12:03 -05:00
6lowpan.h ieee802154: 6lowpan: rename process_data and lowpan_process_data 2014-10-27 15:51:16 +01:00
act_api.h
addrconf.h
af_ieee802154.h ieee802154: mac802154: remove FSF address 2014-10-25 08:07:30 +02:00
af_rxrpc.h
af_unix.h
af_vsock.h vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream to msghdr 2014-11-24 05:16:42 -05:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h net: Move bonding headers under include/net 2014-11-10 13:27:49 -05:00
bond_alb.h net: Move bonding headers under include/net 2014-11-10 13:27:49 -05:00
bond_options.h net: Move bonding headers under include/net 2014-11-10 13:27:49 -05:00
bonding.h net: Move bonding headers under include/net 2014-11-10 13:27:49 -05:00
busy_poll.h
cfg80211-wext.h
cfg80211.h cfg80211: clean up beacon loss CQM event 2014-11-26 20:56:42 +01:00
cfg802154.h ieee802154: fix byteorder for short address and panid 2014-11-17 09:49:17 +01:00
checksum.h net: Add remcsum_adjust as common function for remote checksum offload 2014-11-26 12:25:43 -05:00
cipso_ipv4.h
cls_cgroup.h
codel.h
compat.h fold verify_iovec() into copy_msghdr_from_user() 2014-11-19 16:23:49 -05:00
datalink.h
dcbevent.h
dcbnl.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h net: dsa: Add support for reading switch registers with ethtool 2014-10-30 14:54:11 -04:00
dsfield.h
dst_ops.h
dst.h
esp.h
ethoc.h
fib_rules.h
firewire.h
flow_keys.h
flow.h
flowcache.h
fou.h ip_tunnel: Ops registration for secondary encap (fou, gue) 2014-11-12 15:01:35 -05:00
garp.h
gen_stats.h
genetlink.h genetlink: synchronize socket closing and family removal 2015-01-16 17:04:25 -05:00
geneve.h
gre.h
gro_cells.h
gue.h gue: Protocol constants for remote checksum offload 2014-11-05 16:30:03 -05:00
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h ieee802154: remove mlme get_phy callback 2014-11-05 21:53:04 +01:00
if_inet6.h ipv6: remove aca_lock spinlock from struct ifacaddr6 2014-10-14 13:15:15 -04:00
inet_common.h net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks 2014-11-26 15:45:04 -05:00
inet_connection_sock.h
inet_ecn.h
inet_frag.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h ipv6: move INET6_MATCH() to include/net/inet6_hashtables.h 2014-11-05 16:59:04 -05:00
inetpeer.h
ip_fib.h fib_trie: Fix /proc/net/fib_trie when CONFIG_IP_MULTIPLE_TABLES is not defined 2014-12-08 21:14:32 -05:00
ip_tunnels.h ip_tunnel: Ops registration for secondary encap (fou, gue) 2014-11-12 15:01:35 -05:00
ip_vs.h
ip.h ipv4: try to cache dst_entries which would cause a redirect 2015-01-26 17:28:27 -08:00
ip6_checksum.h
ip6_fib.h
ip6_route.h
ip6_tunnel.h ipv6: Allow sending packets through tunnels with wildcard endpoints 2014-11-06 14:19:19 -05:00
ipcomp.h
ipconfig.h
ipv6.h drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets 2014-10-30 20:01:18 -04:00
ipx.h switch ipxrtr_route_packet() from iovec to msghdr 2014-11-24 04:28:49 -05:00
iw_handler.h
lapb.h
lib80211.h lib80211: remove unused print_ssid() 2014-10-14 02:18:27 +02:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h llc: Make llc_conn_ev_qfyr_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h llc: Make llc_sap_action_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_sap.h
llc.h
mac80211.h Revert "mac80211: Fix accounting of the tailroom-needed counter" 2015-01-05 10:33:46 +01:00
mac802154.h mac802154: add interframe spacing time handling 2014-11-13 04:51:58 +01:00
mip6.h
mld.h
mpls.h openvswitch: Add basic MPLS support to kernel 2014-11-05 23:52:33 -08:00
mrp.h
ndisc.h
neighbour.h neigh: remove next ptr from struct neigh_table 2014-12-26 17:07:08 -05:00
net_namespace.h common object embedded into various struct ....ns 2014-12-04 14:31:00 -05:00
net_ratelimit.h
netevent.h
netlabel.h
netlink.h datapath: Rename last_action() as nla_is_last() and move to netlink.h 2014-10-28 17:07:29 -04:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h ieee802154: add new nl802154 header 2014-11-09 19:50:28 +01:00
p8022.h
ping.h icmp: Remove some spurious dropped packet profile hits from the ICMP path 2014-11-18 15:28:28 -05:00
pkt_cls.h
pkt_sched.h
protocol.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h cfg80211: leave invalid channels on regdomain change 2014-11-28 14:33:41 +01:00
request_sock.h
rose.h
route.h
rtnetlink.h
sch_generic.h net: sched: cls: remove unused op put from tcf_proto_ops 2014-12-09 14:49:02 -05:00
scm.h
secure_seq.h
slhc_vj.h
snmp.h Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2014-10-15 07:48:18 +02:00
sock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2014-12-13 13:33:26 -08:00
Space.h
stp.h
switchdev.h bridge: call netdev_sw_port_stp_update when bridge port STP status changes 2014-12-02 20:01:22 -08:00
tcp_memcontrol.h
tcp_states.h
tcp.h net: allow setting ecn via routing table 2014-11-04 16:06:09 -05:00
timewait_sock.h
transp_v6.h
tso.h
udp_tunnel.h udptunnel: Add SKB_GSO_UDP_TUNNEL during gro_complete. 2014-11-10 15:09:45 -05:00
udp.h
udplite.h put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
vsock_addr.h
vxlan.h net: Generalize ndo_gso_check to ndo_features_check 2014-12-26 17:20:56 -05:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h