From: Simon Kirby <sim@netnation.com>
To: Linus Torvalds <torvalds@transmeta.com>
Cc: Ben Greear <greearb@candelatech.com>, jamal <hadi@cyberus.ca>,
Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Robert Olsson <Robert.Olsson@data.slu.se>,
Benjamin LaHaise <bcrl@redhat.com>,
netdev@oss.sgi.com, Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: [announce] [patch] limiting IRQ load, irq-rewrite-2.4.11-B5
Date: Wed, 3 Oct 2001 13:02:04 -0700 [thread overview]
Message-ID: <20011003130203.A2315@netnation.com> (raw)
In-Reply-To: <3BBB31F4.C223E12E@candelatech.com> <Pine.LNX.4.33.0110030920500.9427-100000@penguin.transmeta.com>
In-Reply-To: <Pine.LNX.4.33.0110030920500.9427-100000@penguin.transmeta.com>
On Wed, Oct 03, 2001 at 09:33:12AM -0700, Linus Torvalds wrote:
> Note that the big question here is WHO CARES?
>
> There are two issues, and they are independent:
> (a) handling of network packet flooding nicely
> (b) handling screaming devices nicely.
>
> First off, some comments:
> (a) is not a major security issue. If you allow untrusted users full
> 100/1000Mbps access to your internal network, you have _other_
> security issues, like packet sniffing etc that are much much MUCH
> worse. So the packet flooding thing is very much a corner case, and
> claiming that we have a big problem is silly.
>
> HOWEVER, (a) _can_ be a performance issue under benchmark load.
> Benchmarks (unlike real life) are almost always set up to have full
> network bandwidth access, and can show this issue.
Actually, the way I first started looking at this problem is the result
of a few attacks that have happened on our network. It's not just a
while(1) sendto(); UDP spamming program that triggers it -- TCP SYN
floods show the problem as well, and _there is no way_ to protect against
this without using syncookies or some similar method that can only be
done on the receiving TCP stack only.
At one point, one of our webservers received 30-40Mbit/sec of SYN packets
sustained for almost 24 hours. Needless to say, the machine was not
happy.
Simon-
[ Stormix Technologies Inc. ][ NetNation Communications Inc. ]
[ sim@stormix.com ][ sim@netnation.com ]
[ Opinions expressed are not necessarily those of my employers. ]
next prev parent reply other threads:[~2001-10-03 20:02 UTC|newest]
Thread overview: 151+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-02 0:41 [announce] [patch] limiting IRQ load, irq-rewrite-2.4.11-B5 jamal
2001-10-02 1:04 ` Benjamin LaHaise
2001-10-02 1:54 ` jamal
2001-10-02 5:13 ` Benjamin LaHaise
2001-10-02 5:55 ` Ben Greear
2001-10-02 17:03 ` Robert Olsson
2001-10-02 17:37 ` jamal
2001-10-02 19:46 ` Andreas Dilger
2001-10-03 9:22 ` Ingo Molnar
2001-10-03 14:06 ` David Brownell
2001-10-02 12:10 ` jamal
2001-10-02 22:00 ` jamal
2001-10-03 8:34 ` Ingo Molnar
2001-10-03 9:29 ` Helge Hafting
2001-10-03 12:49 ` jamal
2001-10-03 14:51 ` Ingo Molnar
2001-10-03 15:14 ` jamal
2001-10-03 17:28 ` Ingo Molnar
2001-10-04 0:53 ` jamal
2001-10-04 6:28 ` Ingo Molnar
2001-10-04 11:34 ` jamal
2001-10-04 17:40 ` Andreas Dilger
2001-10-04 18:33 ` jamal
2001-10-04 6:50 ` Ben Greear
2001-10-04 6:52 ` Ingo Molnar
2001-10-04 11:50 ` jamal
2001-10-04 6:55 ` Jeff Garzik
2001-10-04 6:56 ` Ingo Molnar
2001-10-04 21:28 ` Alex Bligh - linux-kernel
2001-10-04 21:49 ` Benjamin LaHaise
2001-10-04 23:20 ` Alex Bligh - linux-kernel
2001-10-04 23:26 ` Benjamin LaHaise
2001-10-04 23:47 ` Robert Love
2001-10-04 23:51 ` Linus Torvalds
2001-10-05 0:00 ` Ben Greear
2001-10-05 0:18 ` Davide Libenzi
2001-10-05 2:01 ` jamal
2001-10-04 22:01 ` Simon Kirby
2001-10-04 23:25 ` Alex Bligh - linux-kernel
2001-10-04 23:34 ` Simon Kirby
2001-10-04 22:10 ` Alan Cox
2001-10-04 23:28 ` Alex Bligh - linux-kernel
2001-10-05 15:22 ` Robert Olsson
2001-10-03 9:38 ` Ingo Molnar
2001-10-03 13:03 ` jamal
2001-10-03 13:25 ` jamal
2001-10-03 13:38 ` Robert Olsson
2001-10-04 21:22 ` Alex Bligh - linux-kernel
2001-10-05 14:32 ` Robert Olsson
2001-10-03 15:28 ` Ingo Molnar
2001-10-03 15:56 ` jamal
2001-10-03 16:51 ` Ingo Molnar
2001-10-03 21:08 ` Robert Olsson
2001-10-03 22:22 ` Andreas Dilger
2001-10-04 17:32 ` Davide Libenzi
2001-10-05 14:52 ` Robert Olsson
2001-10-05 18:48 ` Andreas Dilger
2001-10-05 19:07 ` Davide Libenzi
2001-10-05 19:17 ` kuznet
2001-10-07 6:11 ` Robert Olsson
2001-10-08 13:58 ` jamal
2001-10-08 17:42 ` Robert Olsson
2001-10-08 17:39 ` jamal
2001-10-04 0:46 ` jamal
2001-10-08 0:31 ` Andrea Arcangeli
2001-10-08 4:58 ` Bernd Eckenfels
2001-10-08 15:00 ` Alan Cox
2001-10-08 15:03 ` Jeff Garzik
2001-10-08 15:12 ` Alan Cox
2001-10-08 15:09 ` jamal
2001-10-08 15:22 ` Alan Cox
2001-10-08 15:20 ` jamal
2001-10-08 15:35 ` Alan Cox
2001-10-08 15:57 ` jamal
2001-10-08 16:11 ` Alan Cox
2001-10-08 16:11 ` jamal
2001-10-10 16:26 ` Pavel Machek
2001-10-10 16:25 ` Pavel Machek
2001-10-08 15:24 ` Andrea Arcangeli
2001-10-08 15:35 ` Alan Cox
2001-10-08 15:19 ` Andrea Arcangeli
2001-10-08 15:10 ` bill davidsen
2001-10-03 16:53 ` kuznet
2001-10-03 17:06 ` Ingo Molnar
2001-10-04 0:44 ` jamal
2001-10-04 6:35 ` Ingo Molnar
2001-10-04 11:41 ` jamal
2001-10-04 13:05 ` Robert Olsson
2001-10-05 16:42 ` kuznet
2001-10-03 19:03 ` Benjamin LaHaise
2001-10-04 1:10 ` jamal
2001-10-04 1:30 ` Benjamin LaHaise
2001-10-03 22:31 ` Rob Landley
2001-10-04 1:39 ` jamal
2001-10-03 15:42 ` Ben Greear
2001-10-03 15:58 ` jamal
2001-10-03 16:09 ` Ben Greear
2001-10-03 16:14 ` Ingo Molnar
2001-10-03 16:20 ` Jeff Garzik
2001-10-03 16:33 ` Linus Torvalds
2001-10-03 17:25 ` Ingo Molnar
2001-10-03 18:11 ` Linus Torvalds
2001-10-03 20:41 ` Jeremy Hansen
2001-10-03 20:02 ` Simon Kirby [this message]
2001-10-04 1:04 ` jamal
2001-10-04 6:47 ` Ben Greear
2001-10-04 7:41 ` Henning P. Schmiedehausen
2001-10-04 16:09 ` Ben Greear
2001-10-04 17:32 ` Henning P. Schmiedehausen
2001-10-04 18:03 ` Ben Greear
2001-10-04 18:30 ` Christopher E. Brown
2001-10-04 11:47 ` jamal
2001-10-04 15:56 ` Ben Greear
2001-10-04 18:23 ` jamal
2001-10-04 6:50 ` Ingo Molnar
2001-10-04 11:49 ` jamal
2001-10-04 8:45 ` Simon Kirby
2001-10-04 11:54 ` jamal
2001-10-04 15:03 ` Tim Hockin
2001-10-04 18:55 ` Ion Badulescu
2001-10-04 19:00 ` jamal
2001-10-04 21:16 ` Ion Badulescu
2001-10-04 4:12 ` bill davidsen
2001-10-04 18:16 ` Alan Cox
2001-10-03 8:38 ` Ingo Molnar
2001-10-04 3:50 ` bill davidsen
-- strict thread matches above, loose matches on Subject: below --
2001-10-08 14:45 jamal
2001-10-09 0:36 ` Scott Laird
2001-10-09 3:17 ` jamal
2001-10-09 4:04 ` Werner Almesberger
2001-10-04 8:25 Magnus Redin
2001-10-04 11:39 ` Trever L. Adams
[not found] <200110031811.f93IBoN10026@penguin.transmeta.com>
2001-10-03 18:23 ` Ingo Molnar
2001-10-04 9:19 ` BALBIR SINGH
2001-10-04 9:22 ` Ingo Molnar
2001-10-04 9:49 ` BALBIR SINGH
2001-10-04 10:25 ` Ingo Molnar
2001-10-07 20:37 ` Andrea Arcangeli
2001-10-03 14:15 Manfred Spraul
2001-10-03 15:09 ` jamal
2001-10-03 18:37 ` Davide Libenzi
2001-10-01 22:16 Ingo Molnar
2001-10-01 22:26 ` Tim Hockin
2001-10-01 22:50 ` Ingo Molnar
2001-10-01 22:36 ` Andreas Dilger
2001-10-01 22:50 ` Ben Greear
2001-10-02 14:30 ` Alan Cox
2001-10-02 20:51 ` Ingo Molnar
2001-10-01 23:03 ` Linus Torvalds
2001-10-02 6:50 ` Marcus Sundberg
2001-10-03 8:47 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20011003130203.A2315@netnation.com \
--to=sim@netnation.com \
--cc=Robert.Olsson@data.slu.se \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bcrl@redhat.com \
--cc=greearb@candelatech.com \
--cc=hadi@cyberus.ca \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=netdev@oss.sgi.com \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox