netdev

Re: [PATCH] Increased DoS protection.

To: Rusty Russell <rusty@xxxxxxxxxxxxxxxx>
Subject: Re: [PATCH] Increased DoS protection.
From: jamal <hadi@xxxxxxxxxx>
Date: Thu, 27 Apr 2000 09:44:42 -0400 (EDT)
Cc: torvalds@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter@xxxxxxxxxxxxxxx
In-reply-to: <m12kl60-0005MGC@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

On Thu, 27 Apr 2000, Rusty Russell wrote:

>       3) Do randomish/LRU drop on unreplied connections when we're
>          under stress.
> 

My 2 cents CDN:
I just glanced at the code and must have missed the "randomness"
in the drops. In fact i have never had the chance to look at netfilter (one
of these days), so pardon my ignorance:
Would you please explain your algorithm (in English)?
Could unreplied connections also be in the (TCP) established state as
well? In which case i think LRU is wrong unless your aging timer is
somehow associated with the connection's RTT (i suspect it is,
but just in case). Think of high latency links (like most wireless or
satellite, or even modems). Latency gets worse under duress. You need to
favor already established connections more.


cheers,
jamal

