> In at least one environment known to me (router), I'd rather it
> kept accepting packets, and f/w'ing them, and didn't switch VTs etc.
> By dropping down performance, you've made the DoS attack even
> more successful than it would otherwise have been (the kiddie
> looks at effect on the host at the end).
Ingo is not limiting interrupts to make it drop packets and forget things
just so that userspace can proceed. Instead, he is postponing servicing
of the interrupts so that the card can batch up more packets and the
interrupt will retrieve more at once rather than continually leaving and
entering the interrupt to just pick up a few packets. Without this, the
interrupt will starve everything else, and nothing will get done.
By postponing servicing of the interrupt (and thus increasing latency
slightly), throughput will actually increase.
Obviously, if the card Rx buffers overflow because the interrupts weren't
serviced quickly enough, then packets will be dropped. This is still
better than the machine not being able to actually do anything with the
received packets (and also not able to do anything else such as allow the
administrator to figure out what is happening).
[ Stormix Technologies Inc. ][ NetNation Communications Inc. ]
[ email@example.com ][ firstname.lastname@example.org ]
[ Opinions expressed are not necessarily those of my employers. ]
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/