Received: by 2002:a05:6358:f14:b0:e5:3b68:ec04 with SMTP id b20csp4738978rwj; Tue, 20 Dec 2022 14:29:26 -0800 (PST) X-Google-Smtp-Source: AA0mqf53WFNyHD4nmLfMjcRdSDqHr9t/M/xpHt81eT+JHYpNBFWirXCvR4dR/qfMvPIfWEqF5z1R X-Received: by 2002:a17:906:a95:b0:7c0:f684:9092 with SMTP id y21-20020a1709060a9500b007c0f6849092mr35455371ejf.37.1671575366571; Tue, 20 Dec 2022 14:29:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671575366; cv=none; d=google.com; s=arc-20160816; b=QtLwcDGvqo8UTN0K4J06ehwJ8YtfDsLqSvm4MytqjIj6Bbz77kK9+W9paxYqpfDFC1 8uBUYQXZCg+bnJ6UWX/VV9hPC3bkQ5Gs73fYjGnasi9D/2ySNiQ1hAcDdBGrmAKG8HH9 DsrmEzeXxaoBQpzf7iqnOPQnbFEyB9lgIy4k74PUNXw9GAZ9PVzqoh4JdhcJofpnhlxh ZBroE6aZJ033KB8wxJr6dz8V5o2geT8azolp4/9H9SdrLid3FJhqbZC3b+CmBiBhg80T ppM76IzUMoo0I6cUsCWngysG2xWYsLwfx/Pt51zgGunQtz7+yE1H9D81IJb3j7fvj5Nh N0FQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=zKdby5jz1dpXnJrBgCDeZHqY7CetYnf+rddUGWikGd8=; b=fIlM2EzM0JKTsNQeQwM9JmnwbDfhz2Y4l3iQfbLKAQozrD1+PA1RqC2VQ3H14tHGBq GZ2qD2uzuvVx9DrUT9BDPhBvPrJekuUjaFjwqL+RUf99fO4IOsSn47KqQpALwRIFdgHp WHNM2oOt/9D1D26b6+apPo7aF9e0HLkGClf1zLN0NsnMAfdnfmeouf2e9Mq7VLXcRE4T DU4EwmXf6B18fEmUNPuMFkcyq/v163dEa0lpDkkI5/BrGdpfaKJllGSeOjHPD6gisiJ7 C/zepJe6AyBBP19oVAXNhucLmuG4BNmQC7qWGY4jQ3c7g0j0/Yuex2drOHv7RQBk1Tw+ l/Zw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=LtuYYUO4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sa26-20020a1709076d1a00b008318885e1ddsi4375435ejc.616.2022.12.20.14.29.10; Tue, 20 Dec 2022 14:29:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=LtuYYUO4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233995AbiLTVsw (ORCPT + 68 others); Tue, 20 Dec 2022 16:48:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229451AbiLTVsu (ORCPT ); Tue, 20 Dec 2022 16:48:50 -0500 Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 23EB1B867; Tue, 20 Dec 2022 13:48:50 -0800 (PST) Received: by mail-lj1-x234.google.com with SMTP id v11so13774957ljk.12; Tue, 20 Dec 2022 13:48:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=zKdby5jz1dpXnJrBgCDeZHqY7CetYnf+rddUGWikGd8=; b=LtuYYUO4y4anNRiDR9VxdCz9svNTEEzoi2IJE7Pr+nOG55Vtu0ZImP/8W71R3G5n94 6ozdzrhj7jctdQj2v4Ucy669R8l0R7/KczTwZApy/tPj9ZTA522l5zf5tcm8zBnKC54q 2xIkgk1eLVV5cJ7x+nAGwO/T4GE15a7iVQR7ucjoc5bj4nwKJmUqlKvxBZSoGuv9Nezt 11MLvkjgYLbs0pXj5DxXffqWFp6FzFRHdWmxseyR0VtbVBfq+/QyU7pbljX8Xb/dqfCv BhOCYdlQcT5lnoBdobE08OsEHvQkfZyxgaZMNDolTHTEDZoTJ+TF0X/Xim8TXz+5HUkd n6RQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zKdby5jz1dpXnJrBgCDeZHqY7CetYnf+rddUGWikGd8=; b=jm5o7aJEs6qxjotVNjC9SoFHlDWyMH5tmmdJ8M54p0XkTy0KAUs4MMLs8bwG/tc08Q 3F6gWCvYb7zgYF77ntB9vNqizLfzuT9uFEZbYNoz5i5hPEi54vrsaqDut/kwsaGQWH1p kTI877KDRwtvMjC3hScV2gZhSFFW5oqeh1xp3EUcVcDWdIpchEefcjGYhTEvTR+xdPkU q/N6hv5R2k1turPJS5lJ3rPj8tGcvpNi7Pg2YMKltnCjcpzk8O/GwZ2RGaqHVjqW/9y3 tQxkQLzZkAj7MAGJq7yjhJPnhvs+bg42YTS6oGanXpbB6fm5stXuWtpdRk7lQxUJCk9R Elbg== X-Gm-Message-State: ANoB5pkrWDfqqBPgB73SKMfl6C2ifHNQetz6g2GDnIkpD3Xf1ETsC5Z9 0Ts9NWTat8TeJcBijtqaQzD2fT+oXjZMESGaPqs= X-Received: by 2002:a2e:bc0b:0:b0:27b:5a9f:3bf5 with SMTP id b11-20020a2ebc0b000000b0027b5a9f3bf5mr1880153ljf.320.1671572928246; Tue, 20 Dec 2022 13:48:48 -0800 (PST) MIME-Version: 1.0 References: <20221218234801.579114-1-jmaxwell37@gmail.com> <9f145202ca6a59b48d4430ed26a7ab0fe4c5dfaf.camel@redhat.com> In-Reply-To: <9f145202ca6a59b48d4430ed26a7ab0fe4c5dfaf.camel@redhat.com> From: Jonathan Maxwell Date: Wed, 21 Dec 2022 08:48:11 +1100 Message-ID: Subject: Re: [net-next] ipv6: fix routing cache overflow for raw sockets To: Paolo Abeni Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, yoshfuji@linux-ipv6.org, dsahern@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 20, 2022 at 11:35 PM Paolo Abeni wrote: > > On Mon, 2022-12-19 at 10:48 +1100, Jon Maxwell wrote: > > Sending Ipv6 packets in a loop via a raw socket triggers an issue where a > > route is cloned by ip6_rt_cache_alloc() for each packet sent. This quickly > > consumes the Ipv6 max_size threshold which defaults to 4096 resulting in > > these warnings: > > > > [1] 99.187805] dst_alloc: 7728 callbacks suppressed > > [2] Route cache is full: consider increasing sysctl net.ipv6.route.max_size. > > . > > . > > [300] Route cache is full: consider increasing sysctl net.ipv6.route.max_size. > > If I read correctly, the maximum number of dst that the raw socket can > use this way is limited by the number of packets it allows via the > sndbuf limit, right? > Yes, but in my test sndbuf limit is never hit so it clones a route for every packet. e.g: output from C program sending 5000000 packets via a raw socket. ip raw: total num pkts 5000000 # bpftrace -e 'kprobe:dst_alloc {@count[comm] = count()}' Attaching 1 probe... @count[a.out]: 5000009 > Are other FLOWI_FLAG_KNOWN_NH users affected, too? e.g. nf_dup_ipv6, > ipvs, seg6? > Any call to ip6_pol_route(s) where no res.nh->fib_nh_gw_family is 0 can do it. But we have only seen this for raw sockets so far. Regards Jon > @DavidA: why do we need to create RTF_CACHE clones for KNOWN_NH flows? > > Thanks, > > Paolo >