On Fri, 18 Jan 2008 20:34:46 -0800 "Paul E. McKenney" <[EMAIL PROTECTED]> wrote:
> On Fri, Jan 18, 2008 at 02:49:00PM -0800, Stephen Hemminger wrote:
> > The perturbation timer used for re-keying can be deferred, it doesn't
> > need to be deterministic.
>
> The only concern that I can come up with is that the sfq_perturbation
> timer might be on one CPU, and all the operations using the corresponding
> SFQ on another. This could in theory allow a nearly omniscient attacker
> to exploit an SFQ imbalance while preventing perturbation of the hash
> function.
>
> This does not seem to be a valid concern at this point, since there are
> very few uses of init_timer_deferrable(). And if it should become a
> problem, one approach would be to have some sort of per-timer limit to
> the deferral. Of course, at that point one would need to figure out
> what this limit should be!
>
> Acked-by: Paul E. McKenney <[EMAIL PROTECTED]>

But the only threat is getting more bandwidth for a longer interval.
It is all kind of moot anyway because the bandwidth hogs all open
multiple connections anyway, so SFQ is of no use.

--
Stephen Hemminger <[EMAIL PROTECTED]>
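
The deferral concern raised in the quoted reply, as an added example (not code from this thread or from the kernel): a simplified model in which a deferrable timer fires only when its CPU next wakes for other work, so an idle CPU stretches the lifetime of the SFQ hash key. The wake-up schedule is constructed, and `max_defer` is a hypothetical per-timer limit of the kind suggested above, not an existing kernel parameter.

```c
#include <stdio.h>

/* Added illustration, not kernel code. All times are in seconds. */

/* First instant at or after t when the timer's CPU is awake, or -1.
 * wakeups[] must be sorted in ascending order. */
static long next_wakeup(const long *wakeups, int n, long t)
{
    for (int i = 0; i < n; i++)
        if (wakeups[i] >= t)
            return wakeups[i];
    return -1;
}

/* Longest interval during which the hash key stays unchanged.
 * period:    nominal perturbation period
 * max_defer: hypothetical per-timer deferral limit; negative = unlimited
 * horizon:   end of the simulated window */
long longest_key_lifetime(const long *wakeups, int n, long period,
                          long max_defer, long horizon)
{
    long last = 0, longest = 0;

    for (;;) {
        long expiry = last + period;
        long fire = next_wakeup(wakeups, n, expiry);

        /* With a limit, the timer is forced once the limit is reached. */
        if (max_defer >= 0 && (fire < 0 || fire > expiry + max_defer))
            fire = expiry + max_defer;
        if (fire < 0 || fire > horizon)
            fire = horizon;      /* no further re-key inside the window */
        if (fire - last > longest)
            longest = fire - last;
        if (fire >= horizon)
            return longest;
        last = fire;             /* re-key happened; timer is re-armed */
    }
}

int main(void)
{
    /* Constructed schedule: the timer's CPU is idle from t=12 to t=300. */
    const long wakeups[] = { 5, 12, 300, 305 };

    printf("unlimited deferral: %ld s\n",
           longest_key_lifetime(wakeups, 4, 10, -1, 400));
    printf("5 s deferral limit: %ld s\n",
           longest_key_lifetime(wakeups, 4, 10, 5, 400));
    return 0;
}
```

With a deferral limit, the longest key lifetime is bounded by `period + max_defer` regardless of how long the timer's CPU stays idle.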