On Tue, Apr 13, 2010 at 08:31:03PM +0200, Eric Dumazet wrote: > > Herbert Acked your patch, so I guess its OK, but I think it can be > dangerous.
The tun socket accounting was never designed to stop it from flooding another tun interface. It's there to stop it from transmitting above a destination interface TX bandwidth and cause unnecessary packet drops. It also limits the total amount of kernel memory that can be pinned down by a single tun interface. In this case, all we're doing is shifting the accounting from the "hardware" queue to the qdisc queue. So your ability to flood a tun interface is essentially unchanged. BTW we do the same thing in a number of hardware drivers, as well as virtio-net. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
