[tproxy] [RFC][PATCH] [TPROXY] kick out TIME_WAIT sockets in case a new connection comes in with the same tuple

Balazs Scheidler bazsi at balabit.hu
Wed Dec 10 09:52:22 CET 2008

On Tue, 2008-12-09 at 22:18 -0800, David Miller wrote:
> From: Balazs Scheidler <bazsi at balabit.hu>
> Date: Tue, 09 Dec 2008 08:51:35 +0000
> > Hi,
> > 
> > I'd like to get some guidance regarding the following patch. There's a 
> > severe performance limitation related to TIME_WAIT sockets and TProxy rules.
> > The patch below is the 'nice' approach, but it adds 6 bytes to 
> > inet_sock and inet_timewait_sock. The 'ugly' approach would be to schedule the
> > removal of the affected TIME_WAIT sockets at PREROUTING time.
> > 
> > This post is meant to get some review, but please do not apply this patch this time.
> I have no general objection to this, but people seem to be
> experts at making various parts of the TCP socket structures
> larger and larger :-(

I understand. Here are the alternatives I considered:
 1) the patch above, by extending the socket structures
 2) expand skb, of course I felt this is worse than the patch I posted
 3) call inet_twsk_deschedule() from the prerouting hook

The 3rd one does not require any expansion of the related structures,
however it'd mean that the TCP state is not only looked up, but also
changed from the TPROXY target. I felt this ugly, but the ugliness would
be constrained to the tproxy code. Shall I post a patch implementing
option #3 above?


More information about the tproxy mailing list