Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: DoS attack against TCP services



On 13 Mar 2015, at 16:33, Christos Zoulas <christos%zoulas.com@localhost> wrote:

> On Mar 13,  4:12pm, hannken%eis.cs.tu-bs.de@localhost ("J. Hannken-Illjes") wrote:
> -- Subject: Re: DoS attack against TCP services
> 
> | > Can't it just try to acquire the lock and if it fails it spams, and
> | > does not deadlock? Or even better, finds the driver that blocks it,
> | > and bumps its timeout? It is annoying to have a monitoring service
> | > DoS the whole machine...
> | 
> | Suppose sysmon should use a second mutex for workqueue management only.
> | 
> | This way it should be possible to detect a non-empty workqueue,
> | print a message and stop adding new work.
> 
> That's a good idea. Do you want to do it, or should I put it in my
> infinite TODO list? :-)

What about the attached diff.  It adds a counter of busy items and
stops enqueueing more work if an item is still busy.

Adds a short time lock to protect this counter and keeps sme_mtx as
long time lock.

--
J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig (Germany)

Attachment: sysmon.diff
Description: Binary data



Home | Main Index | Thread Index | Old Index