On Tue, Apr 13, 2010 at 08:31:03PM +0200, Eric Dumazet wrote: > Le mardi 13 avril 2010 à 20:39 +0300, Michael S. Tsirkin a écrit : > > > > When a socket with inflight tx packets is closed, we dont block the > > > close, we only delay the socket freeing once all packets were delivered > > > and freed. > > > > > > > Which is wrong, since this is under userspace control, so you get > > unkillable processes. > > > > We do not get unkillable processes, at least with sockets I was thinking > about (TCP/UDP ones). > > Maybe tun sockets can behave the same ?
Looks like that's what my patch does: ip_rcv seems to call skb_orphan too. > Herbert Acked your patch, so I guess its OK, but I think it can be > dangerous. > Anyway my feeling is that we try to add various mechanisms to keep a > hostile user flooding another one. > > For example, UDP got memory accounting quite recently, and we added > socket backlog limits very recently. It was considered not needed few > years ago. >