Le mardi 13 avril 2010 à 23:25 +0300, Michael S. Tsirkin a écrit : > On Tue, Apr 13, 2010 at 08:31:03PM +0200, Eric Dumazet wrote: > > Le mardi 13 avril 2010 à 20:39 +0300, Michael S. Tsirkin a écrit : > > > > > > When a socket with inflight tx packets is closed, we dont block the > > > > close, we only delay the socket freeing once all packets were delivered > > > > and freed. > > > > > > > > > > Which is wrong, since this is under userspace control, so you get > > > unkillable processes. > > > > > > > We do not get unkillable processes, at least with sockets I was thinking > > about (TCP/UDP ones). > > > > Maybe tun sockets can behave the same ? > > Looks like that's what my patch does: ip_rcv seems to call > skb_orphan too.
Well, I was speaking of tx side, you speak of receiving side. An external flood (coming from another domain) is another problem. A sender might flood the 'network' inside our domain. How can we reasonably limit the sender ? Maybe the answer is 'We can not', but it should be stated somewhere, so that someone can address this point later.
