Re: [PATCH 4/5]: Rate-limit DCCP-Syncs

2007-09-22 Thread Arnaldo Carvalho de Melo
Em Wed, Jun 20, 2007 at 10:56:03AM +0100, Gerrit Renker escreveu: > [DCCP]: Rate-limit DCCP-Syncs > > This implements a SHOULD from RFC 4340, 7.5.4: > "To protect against denial-of-service attacks, DCCP implementations SHOULD > impose a rate limit on DCCP-Syncs sent in response to sequence-in

Re: [PATCH 4/5]: Rate-limit DCCP-Syncs

2007-06-30 Thread Ian McDonald
On 6/20/07, Gerrit Renker <[EMAIL PROTECTED]> wrote: [DCCP]: Rate-limit DCCP-Syncs Signed-off-by: Gerrit Renker <[EMAIL PROTECTED]> Signed-off-by: Ian McDonald <[EMAIL PROTECTED]> -- Web: http://wand.net.nz/~iam4/ Blog: http://iansblog.jandi.co.nz WAND Network Research Group - To unsubscribe fr

[PATCH 4/5]: Rate-limit DCCP-Syncs

2007-06-20 Thread Gerrit Renker
[DCCP]: Rate-limit DCCP-Syncs This implements a SHOULD from RFC 4340, 7.5.4: "To protect against denial-of-service attacks, DCCP implementations SHOULD impose a rate limit on DCCP-Syncs sent in response to sequence-invalid packets, such as not more than eight DCCP-Syncs per second." The

Re: [PATCH 4/5]: Rate-limit DCCP-Syncs

2007-04-11 Thread Patrick McHardy
Gerrit Renker wrote: > Quoting Ian McDonald: > | No, no, no. A userspace parameter in jiffies is just wrong I think. > | You change HZ and this doesn't automatically change. You could be > | doing this with different kernels on your machine even and setting > | sysctls in a file. Take a bit of

Re: [PATCH 4/5]: Rate-limit DCCP-Syncs

2007-04-11 Thread Gerrit Renker
| > The default value is set at compilation time when HZ is known. I used jiffies for the | > main reason to make this sysctl consistent with the other, similar, runtime variables | > which are also in units of jiffies (cf. Documentation/networking/ip-sysctl.txt): | > | > * inet_peer_mint

Re: [PATCH 4/5]: Rate-limit DCCP-Syncs

2007-04-11 Thread Gerrit Renker
Quoting Ian McDonald: | > +sync_ratelimit = HZ/8 | > +       The timeout between subsequent DCCP-Sync packets sent in response to | > +       sequence-invalid packets on the same socket (RFC 4340, 7.5.4). The unit | > +       of this parameter is jiffies; a value of 0 disables rate-limiting.

Re: [PATCH 4/5]: Rate-limit DCCP-Syncs

2007-04-10 Thread Ian McDonald
On 4/9/07, Gerrit Renker <[EMAIL PROTECTED]> wrote: [DCCP]: Rate-limit DCCP-Syncs This implements a SHOULD from RFC 4340, 7.5.4: "To protect against denial-of-service attacks, DCCP implementations SHOULD impose a rate limit on DCCP-Syncs sent in response to sequence-invalid packets, such a

[PATCH 4/5]: Rate-limit DCCP-Syncs

2007-04-09 Thread Gerrit Renker
[DCCP]: Rate-limit DCCP-Syncs This implements a SHOULD from RFC 4340, 7.5.4: "To protect against denial-of-service attacks, DCCP implementations SHOULD impose a rate limit on DCCP-Syncs sent in response to sequence-invalid packets, such as not more than eight DCCP-Syncs per second." The