From: Eric Dumazet <eric.duma...@gmail.com>
Date: Sun, 24 May 2015 14:49:35 -0700
> From: Eric Dumazet <eduma...@google.com>
>
> A long standing problem on busy servers is the tiny available TCP port
> range (/proc/sys/net/ipv4/ip_local_port_range) and the default
> sequential allocation of source ports in connect() system call.
>
> If a host is having a lot of active TCP sessions, chances are
> very high that all ports are in use by at least one flow,
> and subsequent bind(0) attempts fail, or have to scan a big portion of
> space to find a slot.
>
> In this patch, I changed the starting point in __inet_hash_connect()
> so that we try to favor even [1] ports, leaving odd ports for bind()
> users.
>
> We still perform a sequential search, so there is no guarantee, but
> if connect() targets are very different, end result is we leave
> more ports available to bind(), and we spread them all over the range,
> lowering time for both connect() and bind() to find a slot.
>
> This strategy only works well if /proc/sys/net/ipv4/ip_local_port_range
> is even, ie if start/end values have different parity.
>
> Therefore, default /proc/sys/net/ipv4/ip_local_port_range was changed to
> 32768 - 60999 (instead of 32768 - 61000)
>
> There is no change on security aspects here, only some poor hashing
> schemes could be eventually impacted by this change.
>
> [1] : The odd/even property depends on ip_local_port_range values parity
>
> Signed-off-by: Eric Dumazet <eduma...@google.com>

Looks fine, applied, thanks Eric.

Arguably, we might want to emit a warning if the user sets the port
range sysctl non-even. But that's up to you.
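
The parity requirement in the quoted commit message can be seen in a small model. This is an added example, not code from the patch or the kernel: the wrap-around rule, the evenly spaced per-destination offsets and the function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model, an assumption of this example and not kernel code:
 * the k-th connect() to one destination starts at an even offset derived
 * from a per-destination value, advances by 2 per connection, and wraps
 * modulo the number of ports in the range. */
static int model_connect_port(int low, int high, unsigned int dest_offset,
                              unsigned int k)
{
    unsigned int n = (unsigned int)(high - low + 1);

    return low + (int)(((dest_offset & ~1U) + 2U * k) % n);
}

/* Count modelled connect() ports that land at an odd offset from the
 * start of the range, i.e. on the parity meant to be left for bind(). */
static int count_spill(int low, int high, unsigned int ndest,
                       unsigned int per_dest)
{
    unsigned int n = (unsigned int)(high - low + 1);
    int spill = 0;

    for (unsigned int d = 0; d < ndest; d++) {
        /* Constructed stand-in for a per-destination hash: evenly spaced. */
        unsigned int dest_offset = d * (n / ndest);

        for (unsigned int k = 0; k < per_dest; k++)
            if ((model_connect_port(low, high, dest_offset, k) - low) & 1)
                spill++;
    }
    return spill;
}

int main(void)
{
    /* New default: bounds of different parity, even number of ports. */
    printf("32768-60999: %d connect() ports on bind() parity\n",
           count_spill(32768, 60999, 1000, 200));
    /* Old default: bounds of same parity, odd number of ports. */
    printf("32768-61000: %d connect() ports on bind() parity\n",
           count_spill(32768, 61000, 1000, 200));
    return 0;
}
```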