Re: Firewalling and network resource consumption while under attack

Carlos Morgado (l39801@alfa.ist.utl.pt)
Mon, 21 Sep 1998 19:47:34 +0100

On Sun, Sep 20, 1998 at 06:28:14PM -0700, david wrote:

[snip]
>
> However when the rate reached 8,000pps, new connections were -very- lagged
> and most current connections stalled. Even those on the local network.
> The error reported was ENOBUFS from one client. I couldn't get an open
> session to monitor the exact reason why other sessions stalled.
>

As Alan says "hit it with a large enough hammer and it will break".

> I haven't looked at the networking code, but the supposition is that the
> firewall should drop the offending packets and not allow them to consume
> my entire stack.
>

You cannot just drop the offending packets. You need to process them to find
out which are the good and bad ones. Since IP doesn't have any windowing
stuff, you need to get the datagrams and look at them. There go your buffers.

> I'm opening this for discussion now. Is my above thought easy to
> correct/implement? Current connections
>

I'm no network code expert but the answer would be no.

> -d
> p.s. fantastically low load while under attack!
>
The "look at ip/sequence number" takes almost no processing time :)

--
Carlos Morgado - l39801@alfa.ist.utl.pt - http://alfa.ist.utl.pt/~c39801
PGP Key fingerprint = 43 BF 53 98 EB 32 F5 17 9E EB 77 1F 57 8C C6 83
[sig fault - no dump]
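A toy queueing model of the point made above (an added example, not code from the thread): a datagram holds a receive-buffer slot until the filter has looked at it, so a drop rule cannot save the buffers once packets arrive faster than they can be classified. The buffer count, the filter's throughput and the 7,000/1,000 pps split of the 8,000 pps total are constructed figures, not measurements.

```python
"""Discrete-time model of a host taking a packet flood through a kernel filter.

Every datagram occupies a receive-buffer slot from arrival until the filter
has examined it; only after that look can it be dropped or delivered.  When
datagrams arrive faster than they can be classified, slots run out and new
arrivals fail (ENOBUFS) or queue behind the flood, good and bad alike.
All rates and sizes below are constructed for illustration.
"""
import random
from collections import deque
from dataclasses import dataclass


@dataclass
class Result:
    accepted_good: int   # legitimate datagrams the filter examined and passed
    offered_good: int    # legitimate datagrams sent
    enobufs: int         # arrivals refused because no buffer slot was free
    backlog: int         # datagrams still waiting for the filter at the end

    def good_delivery_ratio(self) -> float:
        return self.accepted_good / self.offered_good


def simulate(flood_pps, good_pps, buffers, classify_pps, seconds=2, seed=1):
    """Run `seconds` of traffic in 1 ms ticks.  Rates must be multiples of 1000.
    classify_pps is how many datagrams per second the filter can look at;
    every flood datagram is rejected by its rules, but only after that look."""
    rng = random.Random(seed)
    queue = deque()      # True = legitimate, False = flood; FIFO like a real backlog
    accepted_good = offered_good = enobufs = 0
    credit = 0.0
    for _ in range(seconds * 1000):
        arrivals = [False] * (flood_pps // 1000) + [True] * (good_pps // 1000)
        rng.shuffle(arrivals)            # good and bad interleave on the wire
        for is_good in arrivals:
            offered_good += is_good
            if len(queue) >= buffers:
                enobufs += 1             # lost before anyone could look at it
            else:
                queue.append(is_good)
        # the filter examines as many queued datagrams as this tick's budget allows
        credit = min(credit, classify_pps / 1000) + classify_pps / 1000
        while credit >= 1 and queue:
            credit -= 1
            accepted_good += queue.popleft()   # flood datagrams: examined, then dropped
    return Result(accepted_good, offered_good, enobufs, len(queue))
```

With the filter able to classify only 4,000 of the 8,000 pps offered, about half the legitimate datagrams are lost to ENOBUFS; enlarging the buffer merely converts those losses into a growing backlog (the stalled sessions in the original report), while only a filter fast enough to keep up delivers everything.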

