On Fri, Jan 18, 2008 at 08:36:55PM -0800, Stephen Hemminger wrote:
> On Fri, 18 Jan 2008 20:34:46 -0800
> "Paul E. McKenney" <[EMAIL PROTECTED]> wrote:
>
> > On Fri, Jan 18, 2008 at 02:49:00PM -0800, Stephen Hemminger wrote:
> > > The perturbation timer used for re-keying can be deferred, it doesn't
> > > need to be deterministic.
> >
> > The only concern that I can come up with is that the sfq_perturbation
> > timer might be on one CPU, and all the operations using the corresponding
> > SFQ on another. This could in theory allow a nearly omniscient attacker
> > to exploit an SFQ imbalance while preventing perturbation of the hash
> > function.
> >
> > This does not seem to be a valid concern at this point, since there are
> > very few uses of init_timer_deferrable(). And if it should become a
> > problem, one approach would be to have some sort of per-timer limit to
> > the deferral. Of course, at that point one would need to figure out
> > what this limit should be!
> >
> > Acked-by: Paul E. McKenney <[EMAIL PROTECTED]>
>
> But the only threat is getting more bandwidth for a longer interval.
> It is all kind of moot anyway because the bandwidth hogs all open
> multiple connections anyway, so SFQ is of no use.
Good point, and an additional reason for my Acked-by above. ;-)
Thanx, Paul
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
