From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>,
netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>
Subject: Re: [RFC PATCH] inet: fix enforcing of fragment queue hash list depth
Date: Mon, 15 Apr 2013 19:12:23 +0200 [thread overview]
Message-ID: <1366045943.11284.67.camel@localhost> (raw)
In-Reply-To: <1366043030.4459.109.camel@edumazet-glaptop>
On Mon, 2013-04-15 at 09:23 -0700, Eric Dumazet wrote:
> Allowing thousand of fragments and keeping a 64 slot hash table is not
> going to work.
>
> depths of 128 are just insane.
I fully agree, my plan was actually to reduce this to 5 or 10 depth
limit. I just noticed this problem with Hannes patch, while working on
your idea of direct hash cleaning, and then I just/only extracted the
parts that was relevant for fixing Hannes patch.
> Really Jesper, you'll need to make the hash table dynamic, if you really
> care.
My plan/idea is to make the hash tables size depend on the available
memory. As on small memory devices, we are opening up for (an attack
vector where) remote hosts can pin-down a large portion of their memory,
which we want to avoid. (And you don't even need a port in listen
state).
How dynamic do you want it? Would initial sizing based on memory be
enough, or should I also add a proc/sysctl option for changing the hash
size from userspace?
--Jesper
next prev parent reply other threads:[~2013-04-15 17:12 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-15 14:25 [RFC PATCH] inet: fix enforcing of fragment queue hash list depth Jesper Dangaard Brouer
2013-04-15 15:26 ` Hannes Frederic Sowa
2013-04-15 16:23 ` Eric Dumazet
2013-04-15 17:09 ` Hannes Frederic Sowa
2013-04-15 17:12 ` Jesper Dangaard Brouer [this message]
2013-04-15 17:16 ` Jesper Dangaard Brouer
2013-04-15 17:43 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1366045943.11284.67.camel@localhost \
--to=brouer@redhat.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=hannes@stressinduktion.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).