From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <eric.dumazet@gmail.com>
Received: from mail-ob0-x229.google.com (mail-ob0-x229.google.com
	[IPv6:2607:f8b0:4003:c01::229])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 9855921F194
	for <codel@lists.bufferbloat.net>; Fri, 12 Jul 2013 09:50:45 -0700 (PDT)
Received: by mail-ob0-f169.google.com with SMTP id up14so11728382obb.14
	for <codel@lists.bufferbloat.net>; Fri, 12 Jul 2013 09:50:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=message-id:subject:from:to:cc:date:in-reply-to:references
	:content-type:x-mailer:content-transfer-encoding:mime-version;
	bh=kldFOHwj7a3UQqsmO6hRNC4RrwrIo/AEkpUAPaLGw9M=;
	b=n9B0OyiQ1SLQo0dXzlepYkcL5edAnzGQDzWnTlHTu5HiOkWhPnhMBopwBSjbs737io
	BRnEnYIP2ErFO8ZnY9XJ7iD7cSXDNVkFo58DBFmEHat3B2oI1xriE0za0kPnxMVnmI6N
	kPZ5e7AsPk5aMiPXjGqdEVoSDlmhXeq1qAjCJQ3gpI3mCQHVTHinu6DpUovp8NW3HWa0
	kgbqbfcUl5ZnKU91iSEDHTnh4En5+STgDp2sAn2ztBrgg1HB+iaJulbPf8bMn/ubbtR+
	q8zUbM3tKT/5NpE2dYlgaRKH+Hz2gZpbFJ6/5iP/64IV/bTD4DR9Ag5Mp+tttUmFtizj
	vPYQ==
X-Received: by 10.182.34.166 with SMTP id a6mr29417795obj.102.1373647844600;
	Fri, 12 Jul 2013 09:50:44 -0700 (PDT)
Received: from ?IPv6:2620:0:1000:3304:2f:cc3b:ee84:65d9?
	([2620:0:1000:3304:2f:cc3b:ee84:65d9])
	by mx.google.com with ESMTPSA id o8sm20381934obx.11.2013.07.12.09.50.43
	for <multiple recipients>
	(version=SSLv3 cipher=RC4-SHA bits=128/128);
	Fri, 12 Jul 2013 09:50:43 -0700 (PDT)
Message-ID: <1373647842.10804.28.camel@edumazet-glaptop>
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Dave Taht <dave.taht@gmail.com>
Date: Fri, 12 Jul 2013 09:50:42 -0700
In-Reply-To: <CAA93jw56qvkNwNEwSVUsGGvTJ8FG3Sd9hOmnP6cWnfiYFFa3Wg@mail.gmail.com>
References: <CAA93jw5SBtsz3=L9M7mhASg9oAVyvysFL9VNwc-52mOk4HWg8A@mail.gmail.com>
	<1373564673.4600.55.camel@edumazet-glaptop>
	<CAA93jw6rd1G2Q4pmfAB5GPuwfqCbVPDw6njCaceszD9q5Avz_A@mail.gmail.com>
	<1373568848.4600.66.camel@edumazet-glaptop>
	<CAA93jw4+TcWOBH8mMpsk6EAO-EVzemHvx1FjPbrevEzqTJmr_A@mail.gmail.com>
	<20130712113413.4b601800@redhat.com>
	<1373642001.10804.18.camel@edumazet-glaptop>
	<CAA93jw56qvkNwNEwSVUsGGvTJ8FG3Sd9hOmnP6cWnfiYFFa3Wg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.3-0ubuntu6 
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Cc: codel@lists.bufferbloat.net, Jesper Dangaard Brouer <jbrouer@redhat.com>
Subject: Re: [Codel] hardware multiqueue in fq_codel?
X-BeenThere: codel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: CoDel AQM discussions <codel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/codel>,
	<mailto:codel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/codel>
List-Post: <mailto:codel@lists.bufferbloat.net>
List-Help: <mailto:codel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/codel>,
	<mailto:codel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2013 16:50:45 -0000

On Fri, 2013-07-12 at 12:37 -0400, Dave Taht wrote:

> This is not strictly true, as the hash is permuted by a secret random
> number, any level of dumb attack as an attempt to fill all available queues
> will need to vastly exceed the packet limit rather than the number of queues,
> thus yielding the same behavior as a normal attack against pfifo_fast, and
> in the general case an attack that would overwhelm pfifo_fast won't be
> anywhere near as damaging against fq_codel.

I can give you a program doing a flood on random destination IP, and I
will tell you it will fill your fq_codel buckets. All of them. secret
random number wont help at all.

Or just think of SYN flood attack.