git.baikalelectronics.ru Git - kernel.git/commit

author	Jesper Dangaard Brouer <brouer@redhat.com>
	Mon, 9 Jan 2017 15:04:09 +0000 (16:04 +0100)
committer	David S. Miller <davem@davemloft.net>
	Mon, 9 Jan 2017 20:49:12 +0000 (15:49 -0500)
commit	b9b4567f21f2eec3266b031960859551e03040ce
tree	0f2653a5fe55f21588ada02923b2e68edec5c7a7	tree \| snapshot
parent	056414e8a7a2f105affac2ee8d0ea81ff71b6692	commit \| diff

net: reduce cycles spend on ICMP replies that gets rate limited

This patch split the global and per (inet)peer ICMP-reply limiter
code, and moves the global limit check to earlier in the packet
processing path.  Thus, avoid spending cycles on ICMP replies that
gets limited/suppressed anyhow.

The global ICMP rate limiter icmp_global_allow() is a good solution,
it just happens too late in the process.  The kernel goes through the
full route lookup (return path) for the ICMP message, before taking
the rate limit decision of not sending the ICMP reply.

Details: The kernels global rate limiter for ICMP messages got added
in commit 0fcdcc7c3da1 ("icmp: add a global rate limitation").  It is
a token bucket limiter with a global lock.  It brilliantly avoids
locking congestion by only updating when 20ms (HZ/50) were elapsed. It
can then avoids taking lock when credit is exhausted (when under
pressure) and time constraint for refill is not yet meet.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/icmp.c		diff \| blob \| history
net/ipv6/icmp.c		diff \| blob \| history