I do suggest to keep it, otherwise there is a security hole which can very easily be exploited. Especially after the experiences with a computer freezing up for several minutes due to Sync floods, where rate-limiting alone has shown to be a viable countermeasure. Rate-limiting is on a per-socket basis, not for the whole stack. If one wants to take it out, it can be disabled by setting the parameter to 0. The implementation is lightweight and does not require complex calculations. | Gerrit Renker wrote: | > Quoting Ian McDonald: | > | Will have to read more about rate limiting though as I'm | > | not convinced normally about rate limiting schemes etc as they | > | invariably end up causing problems when doing things like running a | > | huge server with lots of connections. | | We pictured the rate limit (if implemented) as per connection, not for the | whole stack, which is what Gerrit has done. If the rate limit is considered | too expensive it's fine to take out, of course; it is only a SHOULD. | | Eddie | | | > | However as I said, haven't read | > | it yet so might be wrong on your intent. | > RFC 4340. 7.5.4 says that this rate-limiting is a SHOULD. I had similar | > thoughts in mind regarding the overhead that this mechanism incurs. That | > is why it is kept as simple as possible. Something like xrlim_allow is | > already too complicated (cf. comments). | > - | > To unsubscribe from this list: send the line "unsubscribe dccp" in | > the body of a message to majordomo@xxxxxxxxxxxxxxx | > More majordomo info at http://vger.kernel.org/majordomo-info.html | | - To unsubscribe from this list: send the line "unsubscribe dccp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
