> On Thu, Feb 28, 2002 at 10:08:16AM +0100, Martin Devera wrote:
> > qdisc (shaper) only for outgoing data. It is generally
> > believed to be dumb to throttle data when they already
> > reached your computer or gateway.
>
> The only reason I've ever been able to see for incoming data shaping is
> to reorder packets so that, for example, FINs are sent to their
> respective applications before SYNs (just an example) or ACKs before data.

It doesn't seem very important to shape the incoming traffic that will be forwarded, since the same shaping can be done at output. However, it does seem useful to be able to shape the incoming traffic destined for the local machine. For example, suppose this machine is running a server that you want to limit to 10 connections/minute. It seems reasonable to do this by limiting the rate at which SYNs are delivered to that server. That might be a lot easier than trying to modify the server.

You might argue that doing it in the server would have the advantage of being able to make more intelligent decisions about which ones to accept and which to drop, but in fact the opposite could also be the case. (I'm working on a project that provides an example.)

Similarly, as a way to limit resource usage, you might want to limit the rate at which a server or client gets input (and sends output, but you can already do that).

What I find frustrating is that, as a firewall, I can already do this stuff for the servers (and clients) running on OTHER hosts, but I can't do it for those running on the local machine!
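
The limit described in the message above (10 connections/minute to a local server, enforced by rate-limiting SYN delivery), sketched as a token-bucket policer. This is an added example, not code from the thread; the burst depth, the port numbers, the packet tuples and all names are assumptions made for illustration.

```python
# Added illustration: ingress policing of new connections to a local server.
class SynPolicer:
    """Token bucket: refills at rate_per_min, holds at most `burst` tokens."""

    def __init__(self, rate_per_min=10.0, burst=3.0):
        self.rate = rate_per_min / 60.0   # tokens per second
        self.burst = burst                # assumption: depth is not from the post
        self.tokens = burst
        self.last = 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the bucket depth.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def police(packets, port, policer):
    """Split time-ordered (ts, dport, flags) tuples into delivered/dropped."""
    delivered, dropped = [], []
    for pkt in packets:
        ts, dport, flags = pkt
        # Only a bare SYN (no ACK) to the protected port opens a connection.
        new_conn = dport == port and "S" in flags and "A" not in flags
        if new_conn and not policer.allow(ts):
            dropped.append(pkt)
        else:
            delivered.append(pkt)
    return delivered, dropped


# Constructed sample: (seconds, destination port, TCP flags).
SAMPLE = [
    (0.0, 80, "S"), (1.0, 80, "S"), (2.0, 80, "S"), (2.5, 80, "PA"),
    (3.0, 80, "S"), (3.5, 22, "S"), (4.0, 80, "S"), (5.0, 80, "S"),
    (12.0, 80, "S"),
]


def run_sample():
    return police(SAMPLE, 80, SynPolicer(rate_per_min=10.0, burst=3.0))


if __name__ == "__main__":
    ok, drop = run_sample()
    print("delivered:", ok)
    print("dropped:  ", drop)
```

Only new-connection SYNs to the protected port are counted against the bucket; established traffic and other ports are delivered untouched, so the server itself needs no modification.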