Herbert Xu wrote:
On Fri, Oct 12, 2007 at 09:11:27PM +0900, Satoshi OSHIMA wrote:
+static inline int __ip_check_max_skb_pages(struct sock *sk, int size)
+{
+ switch(sk->sk_protocol) {
+ case IPPROTO_UDP:
+ if (sk->sk_prot->sysctl_mem[0] > UDP_MIN_SKB_PAGES)
+ if (atomic_read(sk->sk_prot->memory_allocated)+size
+ >= sk->sk_prot->sysctl_mem[0])
+ return -ENOBUFS;
+ /* Fall through */
+ default:
+ break;
+ }
+ return 0;
+}
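Review bot: the limit test in the IPPROTO_UDP case only reads the counter (atomic_read(sk->sk_prot->memory_allocated)+size) and compares it, so nothing in this helper reserves the pages; callers running it concurrently can each pass the test and together go past sysctl_mem[0]. Consider charging the counter first and backing out on failure, or say in a comment that the limit is approximate. The helper also has no comment stating whether size is in bytes or pages, although it is added to a page counter, and the two nested ifs without braces would read more clearly as a single condition joined with &&.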
Since you're not doing a per-user limit, you must give each
socket a minimum even when the total exceeds your threshold.
Otherwise any local user can trivially DoS the whole system.
+UDP variables:
+
+udp_mem - INTERGER
+ Number of pages allowed for queueing by all UDP sockets.
+ Minimal value is 4096. If 4096 is set, UDP memory will not
+ be limited.
+ Default: 4096
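Review bot: the udp_mem text makes 4096 both the minimum and the value that switches the limit off, and it does not say what happens when a smaller value is written. State whether such a write is rejected or clamped, and consider a separate way to express "no limit" so that the smallest legal setting is not also the unlimited one. "INTERGER" should read "INTEGER".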
This seems to be a rather confusing setup. We don't set a
minimum for TCP so is this really necessary?
Hello Herbert,
Thank you so much for your comments.
I'm going to fix them in the next take of the patch set.
Regards,
Hideo
--
Hitachi Computer Products (America) Inc.
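
Herbert's first comment, modelled as an added userspace C example (not code from the patch or from the kernel): with a global-only check one socket can fill the pool and a second socket is then refused, while a per-socket minimum keeps the second socket working. All names and numbers (GLOBAL_LIMIT_PAGES, SOCK_MIN_PAGES, struct model_sock) are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical model values, not kernel definitions. */
#define GLOBAL_LIMIT_PAGES 4096 /* stands in for the udp_mem limit */
#define SOCK_MIN_PAGES     4    /* assumed guaranteed minimum per socket */

struct model_sock { long pages; }; /* pages charged to this socket */
static long total_pages;           /* stands in for memory_allocated */

/* Admission test shaped like the quoted hunk: global total only. */
static int charge_global_only(struct model_sock *sk, long size)
{
    if (total_pages + size >= GLOBAL_LIMIT_PAGES)
        return -ENOBUFS;
    sk->pages += size;
    total_pages += size;
    return 0;
}

/* Same test, but a socket still within its minimum is always admitted. */
static int charge_with_minimum(struct model_sock *sk, long size)
{
    if (sk->pages + size > SOCK_MIN_PAGES &&
        total_pages + size >= GLOBAL_LIMIT_PAGES)
        return -ENOBUFS;
    sk->pages += size;
    total_pages += size;
    return 0;
}

/* One socket queues until refused, then a second socket asks for one page. */
static int second_socket_result(int (*charge)(struct model_sock *, long))
{
    struct model_sock first = {0}, second = {0};

    total_pages = 0;
    while (charge(&first, 1) == 0)
        ; /* first socket consumes everything it is allowed */
    return charge(&second, 1);
}

int main(void)
{
    printf("global only:  %d\n", second_socket_result(charge_global_only));
    printf("with minimum: %d\n", second_socket_result(charge_with_minimum));
    return 0;
}
```

With a guaranteed minimum the total can exceed the global limit by at most the minimum multiplied by the number of sockets.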