From: Yannick Koehler <yannick@koehler.name>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>, netdev@vger.kernel.org
Subject: Re: Unix Socket buffer attribution
Date: Wed, 23 Jan 2013 12:36:50 -0500 [thread overview]
Message-ID: <CAJ4BwwGhR_u6JrWanZ3WCPJtkXSPC4O2-boA4XxMw0U1CX+HSg@mail.gmail.com> (raw)
In-Reply-To: <1358961185.12374.853.camel@edumazet-glaptop>
Hi Eric,
I am not sure to follow you. I am not changing how sockets works.
I am actually making the af_unix socket works like others, by using
the sndbuf/rcvbuf limits. The code I added was took from netlink.c
and sock.c (sock_queue_err_skb). And actually, I am simply "adding" a
limit check, not removing. The only thing this may do as a negative
side effect is allow more buffer at the same time in the system, but
the global number of buffer remains checked, as it was, if it was,
since I am not changing how buffer gets allocated, just accounted.
Please check my patch.
2013/1/23 Eric Dumazet <eric.dumazet@gmail.com>:
> On Wed, 2013-01-23 at 08:56 -0800, Eric Dumazet wrote:
>
>> You'll have to add proper limits (SO_RCVBUF), accounting the truesize of
>> all accumulated messages.
>
> And if you claim being able to remove DOS attacks, you'll also have to
> add global limits, at a very minimum.
>
> (a la /proc/sys/net/ipv4/tcp_mem or /proc/sys/net/ipv4/udp_mem)
>
> Its not an easy problem, unfortunately.
>
>
>
--
Yannick Koehler
Courriel: yannick@koehler.name
Blog: http://corbeillepensees.blogspot.com
next prev parent reply other threads:[~2013-01-23 17:36 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-22 2:01 Unix Socket buffer attribution Yannick Koehler
2013-01-23 9:59 ` Hannes Frederic Sowa
2013-01-23 16:39 ` Yannick Koehler
2013-01-23 11:42 ` Cong Wang
2013-01-23 14:26 ` Eric Dumazet
2013-01-23 16:36 ` Yannick Koehler
2013-01-23 16:56 ` Eric Dumazet
2013-01-23 17:13 ` Eric Dumazet
2013-01-23 17:36 ` Yannick Koehler [this message]
2013-01-23 16:41 ` Yannick Koehler
2013-01-23 18:35 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJ4BwwGhR_u6JrWanZ3WCPJtkXSPC4O2-boA4XxMw0U1CX+HSg@mail.gmail.com \
--to=yannick@koehler.name \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).