| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1272020717.7895.7974.camel@edumazet-laptop> Date: Fri, 23 Apr 2010 13:05:17 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Patrick McHardy <kaber@...sh.net> Cc: Jesper Dangaard Brouer <hawk@...u.dk>, paulmck@...ux.vnet.ibm.com, Changli Gao <xiaosuo@...il.com>, hawk@...x.dk, Linux Kernel Network Hackers <netdev@...r.kernel.org>, Netfilter Developers <netfilter-devel@...r.kernel.org> Subject: Re: DDoS attack causing bad effect on conntrack searches Le vendredi 23 avril 2010 à 12:55 +0200, Patrick McHardy a écrit : > Eric Dumazet wrote: > > > > OK but a lookup last a fraction of a micro second, unless interrupted by > > hard irq. > > > > Probability of a change during a lookup should be very very small. > > > > Note that the scenario for a restart is : > > > > The lookup go through the chain. > > While it is examining one object, this object is deleted. > > The object is re-allocated by another cpu and inserted to a new chain. > > I think another scenario that seems a bit more likely would be > that a new entry is added to the chain after it was fully searched. > Perhaps we could continue searching at the last position if the > last entry is not a nulls entry to improve this. But the last entry is always a nulls entry, what do you mean exactly ? When an unsert (of a fresh object, not a reused one) is done, this doesnt affect lookups in any way, since its done at the head of list. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists