Re: [PATCH] Re: predictable IP ID

kuznet@ms2.inr.ac.ru
Sat, 25 Sep 1999 23:17:14 +0400 (MSK DST)


Hello!

> - IDs for raw ip packets;

It is easy to solve. F.e. look at softnet patch at ip-routing.

> - possible DoS attacks by filling the cache and blocking new node creation
> (thus blocking communications with new legal peers).
> The #2 is a problem hard to avoid in this model.

You know my opinion on all this craft. From other hand time-wait socket
present exactly the same problem.

+ /* XXX: Does any SMP serialisation for IP transmission exist? --SAW */

No. It was bug both in 2.2 and in 2.3.

+ * Such an implementation has been chosen not just for fun. It's a way to
+ * prevent easy and efficient DoS attacks by creating hash collisions. A huge
+ * amount of long living nodes in a single hash slot would significantly delay
+ * lookups performed with disabled BHs.

Though you managed to prove me that all this issue is not paranoia.

This bullet is yet. The easiest and the most efficient attack
is to congest your peer cache and to kill all the IP then.
As I see AVL just increases size of entry twice, so that you made
it twice worse rather than better.

Please, think about removing it. 8)8)

Alexey

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/