summaryrefslogtreecommitdiff
path: root/include/net/ipv6.h
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2013-02-21 16:18:52 +0400
committerDavid S. Miller <davem@davemloft.net>2013-02-22 03:15:58 +0400
commit08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664 (patch)
treefc1d00005fda323296b93064416d255b81fdab73 /include/net/ipv6.h
parent0ab8a9f5fa94ac625c1f19acc48db299416c6d49 (diff)
downloadlinux-08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664.tar.xz
ipv6: use a stronger hash for tcp
It looks like its possible to open thousands of TCP IPv6 sessions on a server, all landing in a single slot of TCP hash table. Incoming packets have to lookup sockets in a very long list. We should hash all bits from foreign IPv6 addresses, using a salt and hash mix, not a simple XOR. inet6_ehashfn() can also separately use the ports, instead of xoring them. Reported-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/ipv6.h')
-rw-r--r--include/net/ipv6.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 851d5412a299..64d12e77719a 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -15,6 +15,7 @@
#include <linux/ipv6.h>
#include <linux/hardirq.h>
+#include <linux/jhash.h>
#include <net/if_inet6.h>
#include <net/ndisc.h>
#include <net/flow.h>
@@ -514,6 +515,17 @@ static inline u32 ipv6_addr_hash(const struct in6_addr *a)
#endif
}
+/* more secured version of ipv6_addr_hash() */
+static inline u32 ipv6_addr_jhash(const struct in6_addr *a)
+{
+ u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1];
+
+ return jhash_3words(v,
+ (__force u32)a->s6_addr32[2],
+ (__force u32)a->s6_addr32[3],
+ ipv6_hash_secret);
+}
+
static inline bool ipv6_addr_loopback(const struct in6_addr *a)
{
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64