Re: [Linux Diffserv] Re: [PATCH] Inbound Connection Control mechanism:

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Richard B. Johnson: "Re: fake loop"
• Previous message: Ivan Kalvatchev: "DoS with tmpfs #3"
• In reply to: Alan Cox: "Re: [Linux Diffserv] Re: [PATCH] Inbound Connection Control mechanism:"
• Next in thread: kuznet@ms2.inr.ac.ru: "Re: [Linux Diffserv] Re: [PATCH] Inbound Connection Control mechanism:"

> > Our patch can be used along with SYN policing to prioritize incoming
> > connection requests on a socket. SYN policing can be used to limit
> > the rate of a particular class, but it cannot be used to prioritize a
>
> No. Because you cant prove the packets are not spoofed. An attacker
> becomes able to block classes

The aim of our patch is not to protect against a denial of service kind of
attack. It is more targeted towards a server that is getting overloaded
with valid connection requests. In such a scenario, this mechanism will
provide better latency and connection rate for higher priority connections.

Thanks
Sridhar

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Richard B. Johnson: "Re: fake loop"
• Previous message: Ivan Kalvatchev: "DoS with tmpfs #3"
• In reply to: Alan Cox: "Re: [Linux Diffserv] Re: [PATCH] Inbound Connection Control mechanism:"
• Next in thread: kuznet@ms2.inr.ac.ru: "Re: [Linux Diffserv] Re: [PATCH] Inbound Connection Control mechanism:"