• Jesper Dangaard Brouer's avatar
    net: increase fragment memory usage limits · c2a93660
    Jesper Dangaard Brouer authored
    Increase the amount of memory usage limits for incomplete
    IP fragments.
    Arguing for new thresh high/low values:
     High threshold = 4 MBytes
     Low  threshold = 3 MBytes
    The fragmentation memory accounting code, tries to account for the
    real memory usage, by measuring both the size of frag queue struct
    (inet_frag_queue (ipv4:ipq/ipv6:frag_queue)) and the SKB's truesize.
    We want to be able to handle/hold-on-to enough fragments, to ensure
    good performance, without causing incomplete fragments to hurt
    scalability, by causing the number of inet_frag_queue to grow too much
    (resulting longer searches for frag queues).
    For IPv4, how much memory does the largest frag consume.
    Maximum size fragment is 64K, which is approx 44 fragments with
    MTU(1500) sized packets. Sizeof(struct ipq) is 200.  A 1500 byte
    packet results in a truesize of 2944 (not 2048 as I first assumed)
      (44*2944)+200 = 129736 bytes
    The current default high thresh of 262144 bytes, is obviously
    problematic, as only two 64K fragments can fit in the queue at the
    same time.
    How many 64K fragment can we fit into 4 MBytes:
      4*2^20/((44*2944)+200) = 32.34 fragment in queues
    An attacker could send a separate/distinct fake fragment packets per
    queue, causing us to allocate one inet_frag_queue per packet, and thus
    attacking the hash table and its lists.
    How many frag queue do we need to store, and given a current hash size
    of 64, what is the average list length.
    Using one MTU sized fragment per inet_frag_queue, each consuming
    (2944+200) 3144 bytes.
      4*2^20/(2944+200) = 1334 frag queues -> 21 avg list length
    An attack could send small fragments, the smallest packet I could send
    resulted in a truesize of 896 bytes (I'm a little surprised by this).
      4*2^20/(896+200)  = 3827 frag queues -> 59 avg list length
    When increasing these number, we also need to followup with
    improvements, that is going to help scalability.  Simply increasing
    the hash size, is not enough as the current implementation does not
    have a per hash bucket locking.
    Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>