> > On most machines select returns -1, errno=EINTR on a signal that is handled. > You are correct. To fix the original code I posted, here goes: [note, it will probably take longer than the interval, because of the number of calls involved, but that's your thing] void mysleep(int seconds) { struct timeval tv_now; struct timeval tv_then; struct timeval tv; tv.tv_sec=seconds; tv.tv_usec=0; gettimeofday(&tv_now); tv_then.tv_sec = tv_now.tv_sec + seconds; tv_then.tv_usec = 0; while(select(0,NULL,NULL,NULL,&tv) != 0) { gettimeofday(&tv_now); tv.tv_sec = tv_then.tv_sec - tv_now.tv_sec; tv.tv_usec = tv_then.tv_usec - tv_now.tv_usec; } } There you go. It just shows how such an insignificant little thing can consume a lot of time to solve. > > Also the real problem is much more fundamental than all of the ping -f > arguments. Consider > > fork 10 pings > while(1) > { > kill all pings > as we get sigcld fork new ones > delay (not long) > } > > Another ping -f style attack. Or I could use UDP to send billions of > packets - far far simpler. > I concur, UDP is fully user level, and it can be programmed much easier than ICMP. > > There is only one serious way to handle this, and it goes beyond the > conventional Unix networking. Like any other resource you quota users > in packets/bytes per second. Secure network folk would probably like a per > user BPF filter that must say Yes to any packet the user attempts to send > as well. I don't think anyone is addressing this right now. > > Alan > --Perry -- Perry Harrington System Software Engineer zelur xuniL () http://www.webcom.com perry.harringtonat_private Think Blue. /\
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:11 PDT