Thus said Claudio Jeker on Sat, 11 Sep 2010 11:28:31 +0200: > Wrong UDP is normaly not a fully defined 4 touple. Especially the > listening sockets (on port 53) can be slammed with packets. On the > other hand, if the recvbuffer overflows then packets just get dropped.
Thank you for the clarification. So basically, when a socket is in the LISTEN state, if 80 1k UDP packets are sent concurrently to the server from 80 different source IPs, then roughly 50% of them will be dropped (assuming defaults), because the recvspace is dedicated only to this one socket. The recvspace for a response of DNS, on the other hand, isn't likely to be consumed because the only packets coming to it will be response datagrams from a single server answering the query, and even with DNSSEC, and an answer as large as the one returned for an ANY query of bugs.debian.org, the recvspace isn't likely to be flooded. TCP is the same except a socket is more distinct because of the connection tuple so the recvspace is more dedicated. > The sendto() ENOBUFS errors that got mentioned have a different cause > (in most cases the interface send queue is overflowed). Yes, I suspected that this reported error was unrelated to send/recv space, because once the recvspace is full. Thanks, Andy
