| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Sep 2012 13:09:17 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Neil Horman <nhorman@...driver.com> Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Maciej Żenczykowski <maze@...gle.com>, Tom Herbert <therbert@...gle.com>, Lorenzo Colitti <lorenzo@...gle.com> Subject: Re: [PATCH net-next] net: only run neigh_forced_gc() from one cpu On Wed, 2012-09-19 at 13:07 +0200, Eric Dumazet wrote: > On Wed, 2012-09-19 at 06:50 -0400, Neil Horman wrote: > > > This is going to cause callers in neigh_alloc to immediately fail their > > allocation attempts. Would it be a good idea to modify that call site so that > > instead of returning NULL, instead reread tbl->entries before comparing to > > gc_thresh3, on the hope that the cpu in the garbage collecting routine has freed > > some entries? > > neigh_alloc() fails only if gc_thresh3 is hit, and if it is hit, we are > under attack by definition. > > (the gc is run every 5 seconds is above gc_thresh2, and below > gc_thresh3) > > No matter what you try, the attacker is going to be the winner. > > The best thing here is to drop packets, not spending several milli > seconds to serve one packet, as queues are going to tail drop anyway. > I meant several hundred of milli seconds per packet. In our tests we even trigger a softlockup, so thats more than 10 seconds waiting for the rwlock, for a single packet. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists