Watching performance on a DHCP Server
John Hascall
john at iastate.edu
Wed Feb 13 18:04:42 UTC 2008
> Am Mittwoch 13 Februar 2008 10:28:22 schrieb Enrique Perez-Terron:
> > Or, perhaps there is yet another way: delay responses to the clients,
> > process other incoming request, and upon timeout (a few milliseconds),
> > send all the offers to the log in a single transaction, fsync(), then
> > send out all the offers to the clients. However, this may require a far
> > bigger rewrite of the server.
> That is the way 4.1.0a1 behaves. The timeout condition is currently either
> "no more requests to process" or a configurable number of outstanding ACKs
> (whichever comes first).
> The code for a fsync() after some interval is there but commented out.
It seems to me that without a timeout<1>, you have an avenue for a
more subtle denial of service attack -- instead of having to stream
so many packets at the server that you knock it over, you just have
to send enough to keep the input queue from emptying.
-------------
<1> either wall-clock based or just a count of input packets read
John
More information about the dhcp-users
mailing list