Firewalling and network resource consumption while under attack

david (david@kalifornia.com)
Sun, 20 Sep 1998 18:28:14 -0700


Today I was subjected to the normal [infamous] SYN flood resulting from
IRC. More of those immature people I sometimes refer to.

Let's get on with the story.

I was sustaining a 3,000 pps SYN flood and was able to open new
connections with the firewall in place. Connection startups were slightly
lagged as was to be expected. Packet throughput got a bit jerky.

However, when the rate reached 8,000 pps, new connections were -very- lagged
and most current connections stalled. Even those on the local network.
The error reported was ENOBUFS from one client. I couldn't get an open
session to monitor the exact reason why other sessions stalled.

I haven't looked at the networking code, but the supposition is that the
firewall should drop the offending packets and not allow them to consume
my entire stack.

I'm opening this for discussion now. Is my above thought easy to
correct/implement? Current connections

-d
p.s. fantastically low load while under attack!

-- 
Look, Windows 98  Buy, lemmings, buy!  MCSE, Must Consult Someone Experienced
(c) 1998 David Ford.  Redistribution via the Microsoft Network is prohibited.
 for linux-kernel: please read linux/Documentation/* before posting problems

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
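The post's supposition is that a firewall rule is only useful against a flood if it discards packets before they consume kernel buffers; a rule that runs after the packet has already been queued still lets the flood starve legitimate traffic of buffers even while CPU load stays low. The following toy simulation, added here as an illustration and not code from the original post or from the Linux kernel, models that difference: a finite buffer pool, a stack that drains a bounded number of packets per tick, and a hypothetical firewall rule that can identify the flood. The pool size, drain rate, packet rates and the rule itself are constructed assumptions chosen only to make the effect visible.

```c
/* Toy model of where a firewall drop happens relative to buffer
 * allocation during a SYN flood.  Constructed example; the numbers,
 * the rule and the queue are assumptions, not kernel behaviour. */
#include <stdio.h>

#define POOL_SIZE      128   /* receive buffers shared by the whole stack (assumed) */
#define DRAIN_PER_TICK   8   /* packets the stack can process per tick (assumed)    */
#define TICKS          200   /* length of the simulated attack                      */

enum drop_point {
    DROP_AFTER_ALLOC,   /* packet gets a buffer, the rule runs when it is processed */
    DROP_BEFORE_ALLOC   /* rule runs at ingress, no buffer is consumed by a match   */
};

struct stats {
    int legit_ok;        /* legitimate packets fully processed                    */
    int legit_enobufs;   /* legitimate packets refused because the pool was empty */
    int attack_dropped;  /* flood packets discarded by the firewall rule          */
    int attack_enobufs;  /* flood packets refused because the pool was empty      */
};

/* Hypothetical firewall rule: the flood is assumed to be identifiable. */
static int firewall_drops(int is_attack)
{
    return is_attack;
}

/* Simulate TICKS ticks of attack_pps flood packets and legit_pps legitimate
 * packets per tick, interleaved proportionally, with the drop at dp. */
struct stats simulate(int attack_pps, int legit_pps, enum drop_point dp)
{
    struct stats st = {0, 0, 0, 0};
    unsigned char queue[POOL_SIZE];   /* one slot = one buffer; 1 = attack, 0 = legit */
    int head = 0, len = 0;

    for (int t = 0; t < TICKS; t++) {
        int a_left = attack_pps, l_left = legit_pps;

        /* Arrivals: pick whichever class has the larger remaining share. */
        while (a_left > 0 || l_left > 0) {
            int is_attack;
            if (l_left == 0)
                is_attack = 1;
            else if (a_left == 0)
                is_attack = 0;
            else
                is_attack = (l_left * attack_pps < a_left * legit_pps);
            if (is_attack) a_left--; else l_left--;

            if (dp == DROP_BEFORE_ALLOC && firewall_drops(is_attack)) {
                st.attack_dropped++;      /* rejected without taking a buffer */
                continue;
            }
            if (len == POOL_SIZE) {       /* pool exhausted: this is ENOBUFS */
                if (is_attack) st.attack_enobufs++; else st.legit_enobufs++;
                continue;
            }
            queue[(head + len) % POOL_SIZE] = (unsigned char)is_attack;
            len++;
        }

        /* The stack only gets through a bounded number of packets per tick;
         * a buffer is returned to the pool when its packet is processed. */
        for (int n = 0; n < DRAIN_PER_TICK && len > 0; n++) {
            int is_attack = queue[head];
            head = (head + 1) % POOL_SIZE;
            len--;
            if (firewall_drops(is_attack))
                st.attack_dropped++;      /* rule ran, but the buffer was already spent */
            else
                st.legit_ok++;
        }
    }
    return st;
}

static void report(const char *label, struct stats s)
{
    printf("%-28s legit ok %4d  legit ENOBUFS %4d  attack dropped %5d  attack ENOBUFS %5d\n",
           label, s.legit_ok, s.legit_enobufs, s.attack_dropped, s.attack_enobufs);
}

int main(void)
{
    report("low rate, drop after alloc", simulate(3, 4, DROP_AFTER_ALLOC));
    report("flood, drop after alloc",    simulate(12, 4, DROP_AFTER_ALLOC));
    report("flood, drop before alloc",   simulate(12, 4, DROP_BEFORE_ALLOC));
    return 0;
}
```

With the flood below the drain rate, both placements behave the same. Once the flood exceeds what the stack drains per tick, the after-allocation rule still discards every flood packet, yet the queue fills with them first and legitimate packets start seeing ENOBUFS; moving the same rule ahead of the allocation keeps the pool free for legitimate traffic at any flood rate, which is the point the post is raising.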