[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.1004231440190.840@ask.diku.dk>
Date: Fri, 23 Apr 2010 14:45:59 +0200 (CEST)
From: Jesper Dangaard Brouer <hawk@...u.dk>
To: Patrick McHardy <kaber@...sh.net>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
Changli Gao <xiaosuo@...il.com>, hawk@...x.dk,
Linux Kernel Network Hackers <netdev@...r.kernel.org>,
netfilter-devel@...r.kernel.org,
Paul E McKenney <paulmck@...ux.vnet.ibm.com>
Subject: Re: DDoS attack causing bad effect on conntrack searches
On Fri, 23 Apr 2010, Patrick McHardy wrote:
> That sounds like a good idea. But lets what for Jesper's test results
> before we start fixing this problem :)
I will first have time to perform the tests Monday or Tuesday.
BUT I have just noticed there seems to be a corrolation between conntrack
early_drop and searches. I have upload a new graph:
http://people.netfilter.org/hawk/DDoS/2010-04-12__001/conntrack_early_drop002.png
I have not had time to checkout the code path yet...
Cheers,
Jesper Brouer
--
-------------------------------------------------------------------
MSc. Master of Computer Science
Dept. of Computer Science, University of Copenhagen
Author of http://www.adsl-optimizer.dk
-------------------------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists