On Tue, 29 Mar 2005, jamal wrote:

If yes, the solution maybe to just drop all non-high-prio packets coming
in during the denial of service attack (for lack of better term). In
other words some strict prioritization scheduling (or rate control) at
the network level either in the NIC or ingress qdisc level.

Exactly, that is the proposal.  However, we often will need
to get the packets off the network card before we can decide
whether or not they're high priority.

Also, there can be multiple high priority sockets, and we
need to ensure they all make progress.  Hence the mempool
idea.

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan