Bug#277736: NAPI not enabled - should be

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#277736: NAPI not enabled - should be
From: Simon Kirby <sim@netnation.com>
Date: Thu, 21 Oct 2004 20:19:29 -0700
Message-id: <[🔎] E1CKpxh-0007Uy-4h@peace.netnation.com>
Reply-to: Simon Kirby <sim@netnation.com>, 277736@bugs.debian.org

Package: kernel-image-2.6.8-1-386
Severity: normal
Tags: security

[ Filed with reportbug, but not specific to this system. ]

Hello,

CONFIG_E1000_NAPI, CONFIG_E100_NAPI, etc., all appear to be disabled in
the kernel configuration (for at least i386).  This option allows boxes
that would otherwise choke in a denial of service attack (or just heavy
load) to survive (making this a security issue) with load on the order
of five times higher or more.

I have personally tested CONFIG_E1000_NAPI, CONFIG_E100_NAPI, and TG3
NAPI on many servers and core routers and have found it to be both
extremely important and completely stable.

Other distributions (eg: Red Hat ES) do appear to have this option
enabled in the default kernels.

For more information, see linux/Documentation/networking/NAPI_HOWTO.txt.

Simon-

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-rc3-web
Locale: LANG=C, LC_CTYPE=C

Reply to:

Follow-Ups:
- Bug#277736: NAPI not enabled - should be
  - From: Horms <horms@debian.org>

Prev by Date: Processed: Re: Bug#277391: some ircomm devices should be irlpt devices
Next by Date: Processed: Re: Bug#277736: NAPI not enabled - should be
Previous by thread: Bug#277391: some ircomm devices should be irlpt devices
Next by thread: Bug#277736: NAPI not enabled - should be
Index(es):
- Date
- Thread