On Fri, 2013-07-12 at 12:37 -0400, Dave Taht wrote: > This is not strictly true, as the hash is permuted by a secret random > number, any level of dumb attack as an attempt to fill all available queues > will need to vastly exceed the packet limit rather than the number of queues, > thus yielding the same behavior as a normal attack against pfifo_fast, and > in the general case an attack that would overwhelm pfifo_fast won't be > anywhere near as damaging against fq_codel.
I can give you a program doing a flood on random destination IP, and I will tell you it will fill your fq_codel buckets. All of them. secret random number wont help at all. Or just think of SYN flood attack. _______________________________________________ Codel mailing list [email protected] https://lists.bufferbloat.net/listinfo/codel
