Re: PROBLEM: DoS Attack on Fragment Cache

From: Matt Corallo
Date: Sun Apr 18 2021 - 10:31:59 EST


Should the default, though, be so low? If someone is still using an old modem they can crank up the sysctl, it does seem like such things are pretty rare these days :). It's rather trivial to, without any kind of attack, hit 1Mbps of lost fragments in today's networks, at which point all fragments are dropped. After all, I submitted the patch to "scratch my own itch" :).

Matt

On 4/18/21 00:39, Willy Tarreau wrote:
I do agree that we shouldn't keep them that long nowadays, we can't go
too low without risking to break some slow transmission stacks (SLIP/PPP
over modems for example).