net: sk_add_backlog() take rmem_alloc into account

Current socket backlog limit is not enough to really stop DDOS attacks, because user thread spend many time to process a full backlog each round, and user might crazy spin on socket lock. We should add backlog size and receive_queue size (aka rmem_alloc) to pace writers, and let user run without being slow down too much. Introduce a sk_rcvqueues_full() helper, to avoid taking socket lock in stress situations. Under huge stress from a multiqueue/RPS enabled NIC, a single flow udp receiver can now process ~200.000 pps (instead of ~100 pps before the patch) on a 8 core machine. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <eric.dumazet@gmail.com> 2010-04-27 15:13:20 -0700
committer: David S. Miller <davem@davemloft.net> 2010-04-27 15:13:20 -0700
commit: c377411f2494a931ff7facdbb3a6839b1266bcf6 (patch)
tree: 6846cdcec913f50839e3916856f78f7e059ff5fb /net/ipv4/udp.c
parent: 6e7676c1a76aed6e957611d8d7a9e5592e23aeba (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index fa3d2874db41..63eb56b2d873 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1372,6 +1372,10 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
 			goto drop;
 	}
 
+
+	if (sk_rcvqueues_full(sk, skb))
+		goto drop;
+
 	rc = 0;
 
 	bh_lock_sock(sk);
author	Eric Dumazet <eric.dumazet@gmail.com>	2010-04-27 15:13:20 -0700
committer	David S. Miller <davem@davemloft.net>	2010-04-27 15:13:20 -0700
commit	c377411f2494a931ff7facdbb3a6839b1266bcf6 (patch)
tree	6846cdcec913f50839e3916856f78f7e059ff5fb /net/ipv4/udp.c
parent	6e7676c1a76aed6e957611d8d7a9e5592e23aeba (diff)