this patch alone<\/a> being able to process 14.2M more packets per second while under attack on an Intel Xeon Linux server:
\n
“busylock was protecting UDP sockets against packet floods, but unfortunately was not protecting the host itself.
<\/p>\nUnder stress, many cpus could spin while acquiring the busylock, and NIC had to drop packets. Or packets would be dropped in cpu backlog if RPS\/RFS were in place.
\n<\/p>\n
This patch replaces the busylock by intermediate lockless queues. (One queue per NUMA node).
\n<\/p>\n
This means that fewer number of cpus have to acquire the UDP receive queue lock.
\n<\/p>\n
Most of the cpus can either:
\n
– immediately drop the packet.
\n
– or queue it in their NUMA aware lockless queue.
\n<\/p>\n
Then one of the cpu is chosen to process this lockless queue in a batch.
\n<\/p>\n
The batch only contains packets that were cooked on the same NUMA node, thus with very limited latency impact.
\n<\/p>\n
Tested:
\n<\/p>\n
DDOS targeting a victim UDP socket, on a platform with 6 NUMA nodes (Intel(R) Xeon(R) 6985P-C)
\n<\/p>\n
Before:
\n<\/p>\n
nstat -n ; sleep 1 ; nstat | grep Udp
\n
Udp6InDatagrams 1004179 0.0
\n
Udp6InErrors 3117 0.0
\n
Udp6RcvbufErrors 3117 0.0
\n<\/p>\n
After:
\n
nstat -n ; sleep 1 ; nstat | grep Udp
\n
Udp6InDatagrams 1116633 0.0
\n
Udp6InErrors 14197275 0.0
\n
Udp6RcvbufErrors 14197275 0.0
\n<\/p>\n
We can see this host can now process 14.2 M more packets per second while under attack, and the victim socket can receive 11 % more packets.”<\/p>\n
The timing of this work landing for Linux 6.18 is great with this kernel version expected to become this year’s Long Term Support (LTS) kernel version and thus will see a lot of enterprise\/server use moving forward.<\/p>\n","protected":false},"excerpt":{"rendered":"A set of patches merged via the networking pull request for the Linux 6.18 will help servers better…\n","protected":false},"author":2,"featured_media":178460,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[5870,59,5869,5867,5866,5873,5871,5868,5872,5865,5876,86,5874,5875,56,54,55],"class_list":{"0":"post-178459","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-desktop-linux","9":"tag-gb","10":"tag-linux-benchmarking","11":"tag-linux-hardware-benchmarks","12":"tag-linux-hardware-reviews","13":"tag-linux-how-to","14":"tag-linux-performance","15":"tag-linux-server-benchmarks","16":"tag-open-source-graphics","17":"tag-phoronix","18":"tag-phoronix-test-suite","19":"tag-technology","20":"tag-ubuntu-benchmarks","21":"tag-ubuntu-hardware","22":"tag-uk","23":"tag-united-kingdom","24":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/178459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=178459"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/178459\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/178460"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=178459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=178459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=178459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"LINUX](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/10\/linuxnetworking.webp.webp\")