| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <177032651050.1975497.1618419942361969764.stgit@firesoul>
Date: Thu, 05 Feb 2026 22:21:50 +0100
From: Jesper Dangaard Brouer <hawk@...nel.org>
To: netdev@...r.kernel.org, Eric Dumazet <eric.dumazet@...il.com>,
"David S. Miller" <davem@...emloft.net>, Paolo Abeni <pabeni@...hat.com>,
Toke Høiland-Jørgensen <toke@...e.dk>
Cc: Jesper Dangaard Brouer <hawk@...nel.org>, bpf@...r.kernel.org,
Jakub Kicinski <kuba@...nel.org>, horms@...nel.org, jiri@...nulli.us,
edumazet@...gle.com, xiyou.wangcong@...il.com, jhs@...atatu.com,
atenart@...hat.com, carges@...udflare.com, kernel-team@...udflare.com
Subject: [PATCH net-next v2 4/6] net: sched: rename QDISC_DROP_CAKE_FLOOD to
QDISC_DROP_FLOOD_PROTECTION
Rename QDISC_DROP_CAKE_FLOOD to QDISC_DROP_FLOOD_PROTECTION to use a
generic name without embedding the qdisc name. This follows the
principle that drop reasons should describe the drop mechanism rather
than being tied to a specific qdisc implementation.
The flood protection drop reason is used by qdiscs implementing
probabilistic drop algorithms (like BLUE) that detect unresponsive
flows indicating potential DoS or flood attacks. CAKE uses this via
its Cobalt AQM component.
Suggested-by: Toke Høiland-Jørgensen <toke@...hat.com>
Signed-off-by: Jesper Dangaard Brouer <hawk@...nel.org>
---
include/net/dropreason-qdisc.h | 11 ++++++-----
net/sched/sch_cake.c | 2 +-
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/net/dropreason-qdisc.h b/include/net/dropreason-qdisc.h
index f70fe06213b0..3759a801bddd 100644
--- a/include/net/dropreason-qdisc.h
+++ b/include/net/dropreason-qdisc.h
@@ -11,7 +11,7 @@
FN(CONGESTED) \
FN(FLOW_LIMIT) \
FN(MAXFLOWS) \
- FN(CAKE_FLOOD) \
+ FN(FLOOD_PROTECTION) \
FN(FQ_BAND_LIMIT) \
FN(FQ_HORIZON_LIMIT) \
FNe(MAX)
@@ -74,11 +74,12 @@ enum qdisc_drop_reason {
*/
QDISC_DROP_MAXFLOWS,
/**
- * @QDISC_DROP_CAKE_FLOOD: CAKE qdisc dropped packet due to flood
- * protection mechanism (BLUE algorithm). This indicates potential
- * DoS/flood attack or unresponsive flow behavior.
+ * @QDISC_DROP_FLOOD_PROTECTION: packet dropped by flood protection
+ * mechanism detecting unresponsive flows (potential DoS/flood).
+ * Used by qdiscs implementing probabilistic drop algorithms like
+ * BLUE (e.g., CAKE's Cobalt AQM).
*/
- QDISC_DROP_CAKE_FLOOD,
+ QDISC_DROP_FLOOD_PROTECTION,
/**
* @QDISC_DROP_FQ_BAND_LIMIT: FQ (Fair Queue) dropped packet because
* the priority band's packet limit was reached. Each priority band
diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c
index da3c347574d2..b08711fa5f97 100644
--- a/net/sched/sch_cake.c
+++ b/net/sched/sch_cake.c
@@ -573,7 +573,7 @@ static enum qdisc_drop_reason cobalt_should_drop(struct cobalt_vars *vars,
/* Simple BLUE implementation. Lack of ECN is deliberate. */
if (vars->p_drop && reason == QDISC_DROP_UNSPEC &&
get_random_u32() < vars->p_drop)
- reason = QDISC_DROP_CAKE_FLOOD;
+ reason = QDISC_DROP_FLOOD_PROTECTION;
/* Overload the drop_next field as an activity timeout */
if (!vars->count)
Powered by blists - more mailing lists