All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 5d097109 authored by Michael S. Tsirkin's avatar Michael S. Tsirkin Committed by David S. Miller

tun: only queue packets on device

Historically tun supported two modes of operation:
- in default mode, a small number of packets would get queued
  at the device, the rest would be queued in qdisc
- in one queue mode, all packets would get queued at the device

This might have made sense up to a point where we made the
queue depth for both modes the same and set it to
a huge value (500) so unless the consumer
is stuck the chance of losing packets is small.

Thus in practice both modes behave the same, but the
default mode has some problems:
- if packets are never consumed, fragments are never orphaned
  which cases a DOS for sender using zero copy transmit
- overrun errors are hard to diagnose: fifo error is incremented
  only once so you can not distinguish between
  userspace that is stuck and a transient failure,
  tcpdump on the device does not show any traffic

Userspace solves this simply by enabling IFF_ONE_QUEUE
but there seems to be little point in not doing the
right thing for everyone, by default.
Signed-off-by: default avatarMichael S. Tsirkin <>
Signed-off-by: default avatarDavid S. Miller <>
parent 9ba2add3
......@@ -690,21 +690,8 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
* number of queues.
if (skb_queue_len(&tfile->>sk_receive_queue)
>= dev->tx_queue_len / tun->numqueues){
if (!(tun->flags & TUN_ONE_QUEUE)) {
/* Normal queueing mode. */
/* Packet scheduler handles dropping of further packets. */
netif_stop_subqueue(dev, txq);
/* We won't see all dropped packets individually, so overrun
* error is more appropriate. */
} else {
/* Single queue mode.
* Driver handles dropping of all packets itself. */
goto drop;
>= dev->tx_queue_len / tun->numqueues)
goto drop;
/* Orphan the skb - required as we might hang on to it
* for indefinite time. */
......@@ -1319,7 +1306,6 @@ static ssize_t tun_do_read(struct tun_struct *tun, struct tun_file *tfile,
netif_wake_subqueue(tun->dev, tfile->queue_index);
ret = tun_put_user(tun, tfile, skb, iv, len);
......@@ -1482,6 +1468,9 @@ static int tun_flags(struct tun_struct *tun)
if (tun->flags & TUN_NO_PI)
flags |= IFF_NO_PI;
/* This flag has no real effect. We track the value for backwards
* compatibility.
if (tun->flags & TUN_ONE_QUEUE)
flags |= IFF_ONE_QUEUE;
......@@ -1632,6 +1621,9 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
tun->flags &= ~TUN_NO_PI;
/* This flag has no real effect. We track the value for backwards
* compatibility.
if (ifr->ifr_flags & IFF_ONE_QUEUE)
tun->flags |= TUN_ONE_QUEUE;
......@@ -31,6 +31,7 @@
#define TUN_FASYNC 0x0010
#define TUN_NOCHECKSUM 0x0020
#define TUN_NO_PI 0x0040
/* This flag has no real effect */
#define TUN_ONE_QUEUE 0x0080
#define TUN_PERSIST 0x0100
#define TUN_VNET_HDR 0x0200
......@@ -60,6 +61,7 @@
#define IFF_TUN 0x0001
#define IFF_TAP 0x0002
#define IFF_NO_PI 0x1000
/* This flag has no real effect */
#define IFF_ONE_QUEUE 0x2000
#define IFF_VNET_HDR 0x4000
#define IFF_TUN_EXCL 0x8000
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment