From: Dave Taht
To: Eric Dumazet
Cc: codel@lists.bufferbloat.net, Jesper Dangaard Brouer
Date: Fri, 12 Jul 2013 12:54:48 -0400
Subject: Re: [Codel] hardware multiqueue in fq_codel?

On Fri, Jul 12, 2013 at 12:50 PM, Eric Dumazet wrote:
> On Fri, 2013-07-12 at 12:37 -0400, Dave Taht wrote:
>
>> This is not strictly true, as the hash is permuted by a secret random
>> number, any level of dumb attack as an attempt to fill all available queues
>> will need to vastly exceed the packet limit rather than the number of queues,
>> thus yielding the same behavior as a normal attack against pfifo_fast, and
>> in the general case an attack that would overwhelm pfifo_fast won't be
>> anywhere near as damaging against fq_codel.
>
> I can give you a program doing a flood on random destination IP, and I
> will tell you it will fill your fq_codel buckets. All of them. secret
> random number won't help at all.

My point was that same program would be just as damaging against pfifo_fast.

> Or just think of SYN flood attack.

For which other defenses exist.

>
>

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
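
The exchange above, as an added simulation that is not part of the original message or of the kernel's code: it counts how many flow buckets uniformly random destinations occupy under two different secrets, and shows that flows sharing a bucket under one secret scatter under another. Assumptions: keyed blake2b stands in for the kernel's perturbed flow hash, 1024 is fq_codel's default bucket count, and all flows and secrets are constructed.

```python
import hashlib
import random
import struct

FLOWS = 1024  # fq_codel's default number of flow buckets

def bucket(secret: bytes, flow: tuple) -> int:
    """Bucket index for a (src, dst, sport, dport, proto) tuple.
    Keyed blake2b is a stand-in for the kernel's perturbed hash (assumption)."""
    packed = struct.pack("!IIHHB", *flow)
    digest = hashlib.blake2b(packed, key=secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % FLOWS

def random_flows(n: int, rng: random.Random) -> list:
    """Constructed traffic: one source, n uniformly random destination IPs."""
    return [(0x0A000001, rng.getrandbits(32), 40000, 80, 6) for _ in range(n)]

def occupied(secret: bytes, flows: list) -> int:
    """How many distinct buckets the given flows land in."""
    return len({bucket(secret, f) for f in flows})

def flows_sharing_bucket(secret: bytes, n: int, rng: random.Random) -> list:
    """n flows that all hash to bucket 0 under `secret` (requires knowing it)."""
    found = []
    while len(found) < n:
        flow = random_flows(1, rng)[0]
        if bucket(secret, flow) == 0:
            found.append(flow)
    return found

if __name__ == "__main__":
    rng = random.Random(2013)  # fixed seed so the run is repeatable
    key_a, key_b = b"secret-A", b"secret-B"  # constructed secrets
    for n in (1024, 20480):
        flows = random_flows(n, rng)
        print(n, "random flows:", occupied(key_a, flows), "buckets under A,",
              occupied(key_b, flows), "under B")
    same = flows_sharing_bucket(key_a, 64, rng)
    print("64 flows colliding under A:", occupied(key_a, same),
          "bucket under A,", occupied(key_b, same), "under B")
```

Bucket occupancy under random destinations depends only on the number of distinct flows, not on the secret; the secret only prevents a sender who does not know it from choosing which flows share a bucket.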