[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] xenconsoled CPU denial of service problem
On 28/8/06 7:02 pm, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > Does anyone know of any alternative approach to detecting whether the fd > for the master end of a psuedo-TTY, has a its end slave open / active ? > Without being able to detect this I don't see any good way to avoid the DOS > attack in the general case - only other option would be to start dropping > data once > a certain rate, but this isn't really very desirable because > there are (debug) scenarios in which you really do want the ability to > capture all data. The protocol has flow control. If we rate-limited xenconsoled consumption of data from each domU ring, we would limit resource consumption in dom0 and not lose any data (since the domU will simply buffer it internally). -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |