On Fri, Oct 12, 2007 at 09:11:27PM +0900, Satoshi OSHIMA wrote: > > +static inline int __ip_check_max_skb_pages(struct sock *sk, int size) > +{ > + switch(sk->sk_protocol) { > + case IPPROTO_UDP: > + if (sk->sk_prot->sysctl_mem[0] > UDP_MIN_SKB_PAGES) > + if (atomic_read(sk->sk_prot->memory_allocated)+size > + >= sk->sk_prot->sysctl_mem[0]) > + return -ENOBUFS; > + /* Fall through */ > + default: > + break; > + } > + return 0; > +}
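Review bot: the `IPPROTO_UDP` case compares only the protocol-wide total (`atomic_read(sk->sk_prot->memory_allocated)+size`) against `sysctl_mem[0]`, so a socket with nothing queued gets `-ENOBUFS` as soon as other sockets have filled the pool; admit the request while the socket's own usage is below a small guaranteed minimum, and only then apply the global check. The unit of `size` is not stated although it is added to a page count, so document it in a comment above the function. Style: kernel style wants `switch (`, the nested `if`s can be joined with `&&`, and a switch with one case that falls through into an empty `default` reads better as a plain `if (sk->sk_protocol == IPPROTO_UDP)`.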
Since you're not doing a per-user limit, you must give each socket a minimum even when the total exceeds your threshold. Otherwise any local user can trivially DoS the whole system.

> +UDP variables: > + > +udp_mem - INTERGER > + Number of pages allowed for queueing by all UDP sockets. > + Minimal value is 4096. If 4096 is set, UDP memory will not > + be limited. > + Default: 4096

This seems to be a rather confusing setup. We don't set a minimum for TCP so is this really necessary?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
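Review bot: in the `udp_mem` documentation, `INTERGER` should be `INTEGER`, and the entry makes 4096 at once the minimum, the default and the value that means "not limited", so the limit is off unless the administrator raises it. State that directly (for example "limiting applies only to values above 4096") or use a separate value for "unlimited", and name the constant the code compares against (`UDP_MIN_SKB_PAGES`) so the two stay in sync.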
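Added example, not part of the original mail or the patch: a userspace C model of the point made in the reply above, comparing a global-only admission check with one that guarantees each socket a floor. The struct names, `SOCK_MIN_PAGES` and the pool sizes are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel API. */
struct pool  { long limit_pages; long total_pages; };  /* shared by all sockets */
struct usock { long pages; };                          /* charged to one socket */

#define SOCK_MIN_PAGES 2  /* assumed per-socket guaranteed floor */

/* Same shape as the quoted check: refuse once total + size reaches the limit. */
static bool admit_global_only(const struct pool *p, const struct usock *s, long size)
{
    (void)s;  /* the socket's own usage is never consulted */
    return p->total_pages + size < p->limit_pages;
}

/* With a floor: a socket still under its minimum is admitted regardless of the total. */
static bool admit_with_floor(const struct pool *p, const struct usock *s, long size)
{
    if (s->pages + size <= SOCK_MIN_PAGES)
        return true;
    return p->total_pages + size < p->limit_pages;
}

typedef bool (*admit_fn)(const struct pool *, const struct usock *, long);

/* Charge one page at a time until refused or 'want' pages are queued. */
static long fill(struct pool *p, struct usock *s, long want, admit_fn admit)
{
    long got = 0;
    while (got < want && admit(p, s, 1)) {
        s->pages++;
        p->total_pages++;
        got++;
    }
    return got;
}

/* One socket never drains its queue and takes all it can; return how many
 * pages a second, idle socket can still queue afterwards. */
static long second_socket_pages(admit_fn admit, long limit, long want)
{
    struct pool p = { limit, 0 };
    struct usock busy = { 0 }, idle = { 0 };
    fill(&p, &busy, limit * 2, admit);
    return fill(&p, &idle, want, admit);
}

int main(void)
{
    printf("global only: %ld pages\n", second_socket_pages(admit_global_only, 16, 4));
    printf("with floor:  %ld pages\n", second_socket_pages(admit_with_floor, 16, 4));
    return 0;
}
```

With a floor the total can exceed the limit by at most `SOCK_MIN_PAGES` times the number of sockets, so the guarantee is only as tight as the cap on how many sockets a user may open.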