On Wed, 2010-04-14 at 08:58 +0800, Herbert Xu wrote: > On Tue, Apr 13, 2010 at 08:31:03PM +0200, Eric Dumazet wrote: > > > > Herbert Acked your patch, so I guess its OK, but I think it can be > > dangerous. > > The tun socket accounting was never designed to stop it from > flooding another tun interface. It's there to stop it from > transmitting above a destination interface TX bandwidth and > cause unnecessary packet drops. It also limits the total amount > of kernel memory that can be pinned down by a single tun interface. > > In this case, all we're doing is shifting the accounting from the > "hardware" queue to the qdisc queue. > > So your ability to flood a tun interface is essentially unchanged.
I've just been looking at VPN performance, using netperf to flood an openconnect/ocserv connection over GigE and profiling my VPN client. If I run netperf over the *unencrypted* link, it only sends 1Gb/s of packets — because the packets are correctly accounted to netperf's UDP socket until the moment they're actually transmitted on the wire, and the backpressure works correctly. When I run over the VPN, netperf thinks it sent 2½ times the amount of TX traffic. Packets are being dropped by the tun device before even feeding them up to the VPN client to be sent — presumably because of this skb_orphan() call. (The client itself should do the right thing, and only suck packets out of the tun at the rate it can shove them out *its* UDP socket.) Did we ever look at the alternative solution of taking ownership only after a timeout, or on demand when we need to shut down the device? -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
