diff --git a/[refs] b/[refs] index 1c172926dc33..4935884b5fb5 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: b4ad86bf52469b26148c677cb59d8bc81f129cc2 +refs/heads/master: 8a508ac26e72aa203677aa6a8464bd3ea44216a6 diff --git a/trunk/net/dccp/ccids/Kconfig b/trunk/net/dccp/ccids/Kconfig index dac89166eb18..80f469887691 100644 --- a/trunk/net/dccp/ccids/Kconfig +++ b/trunk/net/dccp/ccids/Kconfig @@ -89,4 +89,37 @@ config IP_DCCP_CCID3_DEBUG parameter to 0 or 1. If in doubt, say N. + +config IP_DCCP_CCID3_RTO + int "Use higher bound for nofeedback timer" + default 100 + depends on IP_DCCP_CCID3 && EXPERIMENTAL + ---help--- + Use higher lower bound for nofeedback timer expiration. + + The TFRC nofeedback timer normally expires after the maximum of 4 + RTTs and twice the current send interval (RFC 3448, 4.3). On LANs + with a small RTT this can mean a high processing load and reduced + performance, since then the nofeedback timer is triggered very + frequently. + + This option enables to set a higher lower bound for the nofeedback + value. Values in units of milliseconds can be set here. + + A value of 0 disables this feature by enforcing the value specified + in RFC 3448. The following values have been suggested as bounds for + experimental use: + * 16-20ms to match the typical multimedia inter-frame interval + * 100ms as a reasonable compromise [default] + * 1000ms corresponds to the lower TCP RTO bound (RFC 2988, 2.4) + + The default of 100ms is a compromise between a large value for + efficient DCCP implementations, and a small value to avoid disrupting + the network in times of congestion. + + The purpose of the nofeedback timer is to slow DCCP down when there + is serious network congestion: experimenting with larger values should + therefore not be performed on WANs. + + endmenu diff --git a/trunk/net/dccp/ccids/ccid3.c b/trunk/net/dccp/ccids/ccid3.c index 70ebe705eb75..99807783a22f 100644 --- a/trunk/net/dccp/ccids/ccid3.c +++ b/trunk/net/dccp/ccids/ccid3.c @@ -245,9 +245,10 @@ static void ccid3_hc_tx_no_feedback_timer(unsigned long data) } /* * Schedule no feedback timer to expire in - * max(4 * R, 2 * s/X) = max(4 * R, 2 * t_ipi) + * max(t_RTO, 2 * s/X) = max(t_RTO, 2 * t_ipi) + * See comments in packet_recv() regarding the value of t_RTO. */ - t_nfb = max(4 * hctx->ccid3hctx_rtt, 2 * hctx->ccid3hctx_t_ipi); + t_nfb = max(hctx->ccid3hctx_t_rto, 2 * hctx->ccid3hctx_t_ipi); break; case TFRC_SSTATE_NO_SENT: DCCP_BUG("Illegal %s state NO_SENT, sk=%p", dccp_role(sk), sk); @@ -512,16 +513,20 @@ static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) */ sk->sk_write_space(sk); - /* Update timeout interval. We use the alternative variant of - * [RFC 3448, 3.1] which sets the upper bound of t_rto to one - * second, as it is suggested for TCP (see RFC 2988, 2.4). */ + /* + * Update timeout interval for the nofeedback timer. + * We use a configuration option to increase the lower bound. + * This can help avoid triggering the nofeedback timer too often + * ('spinning') on LANs with small RTTs. + */ hctx->ccid3hctx_t_rto = max_t(u32, 4 * hctx->ccid3hctx_rtt, - USEC_PER_SEC ); + CONFIG_IP_DCCP_CCID3_RTO * + (USEC_PER_SEC/1000) ); /* * Schedule no feedback timer to expire in - * max(4 * R, 2 * s/X) = max(4 * R, 2 * t_ipi) + * max(t_RTO, 2 * s/X) = max(t_RTO, 2 * t_ipi) */ - t_nfb = max(4 * hctx->ccid3hctx_rtt, 2 * hctx->ccid3hctx_t_ipi); + t_nfb = max(hctx->ccid3hctx_t_rto, 2 * hctx->ccid3hctx_t_ipi); ccid3_pr_debug("%s, sk=%p, Scheduled no feedback timer to " "expire in %lu jiffies (%luus)\n", diff --git a/trunk/net/xfrm/xfrm_user.c b/trunk/net/xfrm/xfrm_user.c index 311205ffa775..6f97665983d2 100644 --- a/trunk/net/xfrm/xfrm_user.c +++ b/trunk/net/xfrm/xfrm_user.c @@ -858,6 +858,7 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, int i; xp->xfrm_nr = nr; + xp->family = ut->family; for (i = 0; i < nr; i++, ut++) { struct xfrm_tmpl *t = &xp->xfrm_vec[i]; @@ -875,53 +876,19 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, } } -static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) -{ - int i; - - if (nr > XFRM_MAX_DEPTH) - return -EINVAL; - - for (i = 0; i < nr; i++) { - /* We never validated the ut->family value, so many - * applications simply leave it at zero. The check was - * never made and ut->family was ignored because all - * templates could be assumed to have the same family as - * the policy itself. Now that we will have ipv4-in-ipv6 - * and ipv6-in-ipv4 tunnels, this is no longer true. - */ - if (!ut[i].family) - ut[i].family = family; - - switch (ut[i].family) { - case AF_INET: - break; -#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) - case AF_INET6: - break; -#endif - default: - return -EINVAL; - }; - } - - return 0; -} - static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) { struct rtattr *rt = xfrma[XFRMA_TMPL-1]; + struct xfrm_user_tmpl *utmpl; + int nr; if (!rt) { pol->xfrm_nr = 0; } else { - struct xfrm_user_tmpl *utmpl = RTA_DATA(rt); - int nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); - int err; + nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); - err = validate_tmpl(nr, utmpl, pol->family); - if (err) - return err; + if (nr > XFRM_MAX_DEPTH) + return -EINVAL; copy_templates(pol, RTA_DATA(rt), nr); } @@ -1563,8 +1530,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xf } /* build an XP */ - xp = xfrm_policy_construct(&ua->policy, (struct rtattr **) xfrma, &err); - if (!xp) { + xp = xfrm_policy_construct(&ua->policy, (struct rtattr **) xfrma, &err); if (!xp) { kfree(x); return err; } @@ -2013,7 +1979,7 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, return NULL; nr = ((len - sizeof(*p)) / sizeof(*ut)); - if (validate_tmpl(nr, ut, p->sel.family)) + if (nr > XFRM_MAX_DEPTH) return NULL; if (p->dir > XFRM_POLICY_OUT)