• Paolo Abeni's avatar
    udp: perform source validation for mcast early demux · bc044e8d
    Paolo Abeni authored
    The UDP early demux can leverate the rx dst cache even for
    multicast unconnected sockets.
    
    In such scenario the ipv4 source address is validated only on
    the first packet in the given flow. After that, when we fetch
    the dst entry  from the socket rx cache, we stop enforcing
    the rp_filter and we even start accepting any kind of martian
    addresses.
    
    Disabling the dst cache for unconnected multicast socket will
    cause large performace regression, nearly reducing by half the
    max ingress tput.
    
    Instead we factor out a route helper to completely validate an
    skb source address for multicast packets and we call it from
    the UDP early demux for mcast packets landing on unconnected
    sockets, after successful fetching the related cached dst entry.
    
    This still gives a measurable, but limited performance
    regression:
    
    		rp_filter = 0		rp_filter = 1
    edmux disabled:	1182 Kpps		1127 Kpps
    edmux before:	2238 Kpps		2238 Kpps
    edmux after:	2037 Kpps		2019 Kpps
    
    The above figures are on top of current net tree.
    Applying the net-next commit 6e617de8 ("net: avoid a full
    fib lookup when rp_filter is disabled.") the delta with
    rp_filter == 0 will decrease even more.
    
    Fixes: 421b3885 ("udp: ipv4: Add udp early demux")
    Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    bc044e8d
udp.c 72.7 KB