In message <[EMAIL PROTECTED]>, Ville-Pertti Keinonen writ
es:

>> The easiest way to detect this DOS is probably to keep track of the
>> 
>>      namecache entries
>>      -----------------
>>      live vnodes
>> 
>> ratio, and enforce an upper limit on it.
>
>That seems like a reasonable approach.
>
>If you want to include the other attack I mentioned (I just tried it,
>got up to > 160000 vnodes), then you have to exclude vnodes that are
>only live because of v_cache_src entries from the count.

It should probably only count vnodes in "actual" use.

>BTW: You still haven't committed the v_id patch I sent you in May.  Is
>there any specific reason for this?

I seem to remember we stalled on some detail which wouldn't or
couldn't work was it NFS ?

--
Poul-Henning Kamp             FreeBSD coreteam member
[EMAIL PROTECTED]               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to