tech-net archive


Re: ndp



On Wed, Feb 20, 2013 at 12:52:25AM +0000, George Michaelson wrote:
> 
> I have accidentally participated in an apparent DoS like this, when a 
> diagnostic 'is IPv6 working' account I hosted leaked to the wrong /32 and 
> an ISP somewhere in South America started to get saturated by a walk 
> across their announced space.
> 
> I believe there are commercial implementations of switch logic which do 
> some kind of ageing out of the ND cache to set limits on growth. Maybe a 
> Ptree for this stuff in NetBSD needs a timer, and a background process to 
> mark/sweep idle entries.

A background process won't run at the required interval - under stress
it won't be often enough, and the rest of the time it is too often.

If you just timestamp the entries you can prune idle ones during insert
(which is code that will already have the tree write locked).
The code also need only worry about items in the branch of the tree
it is processing.

        David

-- 
David Laight: david%l8s.co.uk@localhost
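
Added example, not part of the original message and not NetBSD code: a sketch of the prune-on-insert idea from the reply above, with timestamped entries. It substitutes a one-level table of chained branches for the Ptree; NBRANCH, IDLE_MAX and the nd_* names are assumptions, and the caller is assumed to hold the write lock.

```c
#include <stdint.h>
#include <stdlib.h>

#define NBRANCH  256   /* assumed fan-out of the stand-in tree */
#define IDLE_MAX 30    /* assumed idle limit, in seconds */

struct nd_entry {
    uint64_t addr;         /* low 64 bits of the neighbour address */
    uint32_t last_used;    /* time of the last insert or refresh */
    struct nd_entry *next;
};
struct nd_entry *branch[NBRANCH];   /* one chain per branch */

/* Entries currently held in the branch that addr maps to. */
int nd_branch_len(uint64_t addr)
{
    int n = 0;
    for (struct nd_entry *e = branch[addr % NBRANCH]; e != NULL; e = e->next)
        n++;
    return n;
}

/* Insert or refresh addr. Walks only the target branch and frees entries
 * idle longer than IDLE_MAX. Returns the number pruned, -1 on no memory. */
int nd_insert(uint64_t addr, uint32_t now)
{
    struct nd_entry **pp = &branch[addr % NBRANCH], *e;
    int pruned = 0, found = 0;
    while ((e = *pp) != NULL) {
        if (e->addr == addr) {
            e->last_used = now;           /* already cached: refresh */
            found = 1;
        } else if ((uint32_t)(now - e->last_used) > IDLE_MAX) {
            *pp = e->next;                /* unlink the idle entry */
            free(e);
            pruned++;
            continue;
        }
        pp = &e->next;
    }
    if (!found) {
        if ((e = calloc(1, sizeof(*e))) == NULL)
            return -1;
        e->addr = addr;
        e->last_used = now;
        *pp = e;                          /* append at the tail */
    }
    return pruned;
}
```

Pruning cost is paid only when the cache is growing, and idle entries in branches that see no inserts stay until that branch is next written.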

