Le vendredi 23 avril 2010 à 12:36 +0200, Patrick McHardy a écrit : > Eric Dumazet wrote: > > Le jeudi 22 avril 2010 à 23:03 +0200, Eric Dumazet a écrit : > >>> Guess I have to reproduce the DoS attack in a testlab (I will first have > >>> time Tuesday). So we can determine if its bad hashing or restart of the > >>> search loop. > >>> > > > > Or very long chains, if attacker managed to find a jhash flaw. > > That should be visible in the "searched" statistic. > > > You could add a lookup_restart counter : > > I've applied Jespers equivalent patch. Yes of course, I missed it or I would not have cooked it ;) Thanks -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
