On Fri, Jul 12, 2013 at 12:50 PM, Eric Dumazet <[email protected]> wrote:
> On Fri, 2013-07-12 at 12:37 -0400, Dave Taht wrote:
>
>> This is not strictly true, as the hash is permuted by a secret random
>> number, any level of dumb attack as an attempt to fill all available queues
>> will need to vastly exceed the packet limit rather than the number of queues,
>> thus yielding the same behavior as a normal attack against pfifo_fast, and
>> in the general case an attack that would overwhelm pfifo_fast won't be
>> anywhere near as damaging against fq_codel.
>
> I can give you a program doing a flood on random destination IP, and I
> will tell you it will fill your fq_codel buckets. All of them. secret
> random number won't help at all.

My point was that same program would be just as damaging against pfifo_fast.

> Or just think of SYN flood attack.

For which other defenses exist.

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
_______________________________________________
Codel mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/codel
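
The two hashing properties argued over in this thread, as an added offline simulation (not code from either poster or from the kernel): a secret key makes a flow set chosen to collide under one key scatter under another, while flows with random destinations occupy buckets at the same rate whatever the key. The 1024-bucket table, the BLAKE2b stand-in for the kernel's hash, and all flow tuples are assumptions constructed for the example; no packets are sent.

```python
import hashlib
import random
import struct

BUCKETS = 1024  # assumed table size for the simulation


def bucket(flow, key):
    """Map a (src, dst, sport, dport, proto) tuple to a bucket with a keyed hash.
    BLAKE2b is a stand-in here, not the hash the kernel uses."""
    data = struct.pack("!IIHHB", *flow)
    digest = hashlib.blake2b(data, key=key, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def new_key(rng):
    return rng.getrandbits(128).to_bytes(16, "big")


def random_dst_flows(n, rng):
    """Constructed traffic: one source (192.0.2.1), random destination IP and port."""
    src = 0xC0000201
    return [(src, rng.getrandbits(32), 40000, rng.getrandbits(16), 6) for _ in range(n)]


def occupied(flows, key):
    """Number of distinct buckets the flow set lands in under this key."""
    return len({bucket(f, key) for f in flows})


def expected_occupied(n):
    """Expected occupancy when n flows are spread uniformly over BUCKETS."""
    return BUCKETS * (1 - (1 - 1 / BUCKETS) ** n)


def run(seed=1):
    """Occupancy of the same random flow sets under five independent keys."""
    rng = random.Random(seed)
    results = {}
    for n in (256, 1024, 4096, 10240):
        flows = random_dst_flows(n, rng)
        results[n] = ([occupied(flows, new_key(rng)) for _ in range(5)], expected_occupied(n))
    return results


def targeted_set_under_new_key(rng, size=64):
    """Flows selected to share bucket 0 under key A, re-hashed under an unknown key B."""
    key_a, key_b = new_key(rng), new_key(rng)
    picked = []
    while len(picked) < size:
        flow = random_dst_flows(1, rng)[0]
        if bucket(flow, key_a) == 0:
            picked.append(flow)
    return occupied(picked, key_a), occupied(picked, key_b)
```

`run()` returns, per flow count, the observed occupancy under each key next to the uniform expectation; `targeted_set_under_new_key()` returns the bucket counts for the selected set under the known and the unknown key.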
