[Codel] hardware multiqueue in fq_codel?
Eric Dumazet
eric.dumazet at gmail.com
Fri Jul 12 12:50:42 EDT 2013
On Fri, 2013-07-12 at 12:37 -0400, Dave Taht wrote:
> This is not strictly true, as the hash is permuted by a secret random
> number, any level of dumb attack as an attempt to fill all available queues
> will need to vastly exceed the packet limit rather than the number of queues,
> thus yielding the same behavior as a normal attack against pfifo_fast, and
> in the general case an attack that would overwhelm pfifo_fast won't be
> anywhere near as damaging against fq_codel.
I can give you a program doing a flood on random destination IP, and I
will tell you it will fill your fq_codel buckets. All of them. secret
random number wont help at all.
Or just think of SYN flood attack.
More information about the Codel
mailing list