Ben wrote: > On Thu, 2004-02-05 at 18:03, Nuutti Kotivuori wrote: > >> What you would wish to do is have a simple per connection token >> bucket, and just DROP every packet exceeding the rate in the >> connection, am I right? > > I don't want to loose data, so dropping packets definately seems > like the wrong thing to do. Unless that's how ingress filters work? > I haven't used them before. Dropping packets will not mean losing data - it just means that the TCP connections have to resend the packets and in general means that the connection will throttle itself to the configured rate. But ingress filtering as it is now works exactly like that. The packet that you are receiving has already reached your machine and you either drop it or accept it. If you wish to do something further, you can look into IMQ. > Fortunately I have access to the code of my server application, > because it sounds like the easiest thing is going to be to just put > per-session rate limiting into that. Right, well, it probably is the easiest solution - just note that you will be working from behind your own receive buffers and tcp windows, which means that the connection might initially accept (burst) more data than you expect before the buffers fill. -- Naked _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
