TCP syn flooding protection

JeongHwan Kim frog007.kernel.kr at gmail.com
Fri Apr 23 02:45:54 EDT 2021


Hi, everyone

I'm testing packet flooding test with old kernel version 2.6.30.
My board experienced process starvation when injecting ICMP flood with hping3 tool.
I modified softirq invocation routine to launch ksoftirqd instead of executing do_softirq
and I limitted the speed of ethernet phy to accept below 10Mbps.
It seems that the board can process flooding ICMP packets of 10Mbps,
but the board cannot process against TCP/UDP packet flooding,
the speed of processes become slow down.
IPtabls of which rule is dropping all TCP/UDP packet does not improve the situation.
How can I protect the TCP/UDP flooding in my environment.

Thanks in advance.
Kim







More information about the Kernelnewbies mailing list