Hello,
On Mon, Jun 26, 2017 at 05:51:08PM +0200, Alexander Bluhm wrote: > On Mon, Jun 26, 2017 at 10:29:24AM +0200, Alexandr Nedvedicky wrote: > > > +#define PF_FRAG_STALE 200 /* Limit fragments per second per > > > connection */ > > > I did not get how we arrived to 'Limit fragments per second per > > connection.' > > Actually I was looking at markus@'s algorithm and tried to write > the idea of the value in a single line comment. Maybe I got it > wrong. To increase confusion the existing comment had a calculation > error 60*200 = 18,000; that is only 12,000. > > If we find a fragment that is 12,000 generation numbers behind, it > is considered stale. Fragments that are older than 60 seconds are > removed from the queue. So if new fragments arrive at a rate of > less than 200 fragments per second, they never get stale. 200 is > the maximum fragment rate per second per connection in avarage over > one minute. If we change the timeout, the interval over which the > avarage is created changes, but the rate per second is constant. > > Perhaps it gets clear with a longer comment. > > Should we use a different value for IPv6? There the id is 32 bit, > but the 8 bit proto is irrelevant. To keep it simple, I currently > use the same value for both IP versions. > > ok? > thank you very much to clarifying things. All clear for me now. OK sashan@ </snip>