
Re: [Xen-devel] xenconsoled CPU denial of service problem


  • To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
  • Date: Mon, 28 Aug 2006 21:57:22 +0100
  • Delivery-date: Mon, 28 Aug 2006 14:06:51 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcbK5I6TzPxsXTbXEduheAANk04WTA==
  • Thread-topic: [Xen-devel] xenconsoled CPU denial of service problem

On 28/8/06 7:02 pm, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:

> Does anyone know of any alternative approach to detecting whether the fd
> for the master end of a pseudo-TTY has its slave end open / active?
> Without being able to detect this I don't see any good way to avoid the DOS
> attack in the general case - only other option would be to start dropping
> data once > a certain rate, but this isn't really very desirable because
> there are (debug) scenarios in which you really do want the ability to
> capture all data.

The protocol has flow control. If we rate-limited xenconsoled consumption of
data from each domU ring, we would limit resource consumption in dom0 and
not lose any data (since the domU will simply buffer it internally).

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
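
The flow-control argument in the reply above, as an added example (not code from the message or from xenconsoled): a simulated shared ring in which the daemon consumes at most a fixed budget of bytes per interval while a flooding guest keeps whatever does not fit in its own buffer. The ring size, the function names and the tick model are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define RING_SIZE 16u            /* power of two, constructed for the demo */

struct ring {
    uint8_t  buf[RING_SIZE];
    uint32_t prod, cons;         /* free-running producer/consumer indices */
};

/* Guest side: copy as much as fits; the rest stays in the guest's own buffer. */
static size_t guest_write(struct ring *r, const uint8_t *src, size_t len)
{
    size_t n = 0;
    while (n < len && r->prod - r->cons < RING_SIZE)
        r->buf[r->prod++ % RING_SIZE] = src[n++];
    return n;
}

/* Daemon side: consume at most `budget` bytes in this interval. */
static size_t daemon_read(struct ring *r, uint8_t *dst, size_t budget)
{
    size_t n = 0;
    while (n < budget && r->cons != r->prod)
        dst[n++] = r->buf[r->cons++ % RING_SIZE];
    return n;
}

struct result { size_t delivered, ticks, max_per_tick; int in_order; };
/* A guest floods `total` bytes; the daemon is limited to `budget` per tick. */
struct result simulate(size_t total, size_t budget)
{
    struct ring r = {0};
    struct result res = {0, 0, 0, 1};
    uint8_t pending[256], out[RING_SIZE];   /* constructed sample data */
    size_t sent = 0;
    if (total > sizeof pending || budget == 0 || budget > RING_SIZE) return res;
    for (size_t i = 0; i < total; i++) pending[i] = (uint8_t)i;
    while (res.delivered < total) {
        sent += guest_write(&r, pending + sent, total - sent);  /* stalls when full */
        size_t got = daemon_read(&r, out, budget);              /* bounded dom0 work */
        for (size_t i = 0; i < got; i++)
            if (out[i] != (uint8_t)(res.delivered + i)) res.in_order = 0;
        res.delivered += got;
        if (got > res.max_per_tick) res.max_per_tick = got;
        res.ticks++;
    }
    return res;
}
```

Lowering `budget` only increases the number of ticks; the delivered byte count and ordering are unchanged, because the producer stalls on a full ring instead of overwriting it.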


 

