LinuxQuestions.org - Extremely high ksoftirqd when UDP flooding an embedded device

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - Extremely high ksoftirqd when UDP flooding an embedded device (https://www.linuxquestions.org/questions/linux-networking-3/extremely-high-ksoftirqd-when-udp-flooding-an-embedded-device-4175661018/)

Pieter Cardoen

09-17-2019 05:07 AM

Extremely high ksoftirqd when UDP flooding an embedded device

Dear

I am trying to make my embedded device robust against DoS attack but I notice that the system has a tremendously high ksoftirqd load causing the system to hang completely.

I am testing the system by pushing a large number of UDP messages to the system (> 250k messages per second).

Is there a way to protect our system against an attack of this kind?
Could we use traffic control or iptables for this?

This has been tested on a custom board with imx6ul processor.

Thanks
Pieter

nini09

09-19-2019 03:02 PM

You can try ebtables tool, working on layer 2.

Pieter Cardoen

09-20-2019 03:09 AM

I have got a look at ebtables cause I never heard about it. I however have some doubts if it could be useful for my use case. If I look at the example of rate shaping, then it relies on tc to implement the traffic shaping. See example 'rate shaping': https://ebtables.netfilter.org/examp....html#example5

Thanks for the input!

All times are GMT -5. The time now is 12:05 PM.