Re: linux kernel TCP, network connections and iptables

• Next message: Marc Mutz: "2.2.17's VM makes processes do their joba faster - sometimes"
• Previous message: Alan Cox: "Re: Multiple Keyboards in 2.2/2.4?"
• In reply to: Alan Cox: "Re: linux kernel TCP, network connections and iptables"
• Next in thread: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
• Reply: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 07, 2000 at 10:51:50PM +0100, Alan Cox wrote:
> static unsigned long last_time;
>
> if(jiffies-last_time < HZ/10)
> return;
> last_time = jiffies;
>
> which will then limit to one RST per 10th sec

You do not even need patches for it. You can do it as well with a TBF
filter in the qdisc and a u32 filter that selects RSTs (it is even a
standard example in iproute2)

Another way that may work is to set the send buffer of tcp_socket in
tcp_ipv4.c to a really small value, so that only one RST packet fits.
Then you get a good load limit implicitely in the stack
(there should be probably a sysctl for that)

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Marc Mutz: "2.2.17's VM makes processes do their joba faster - sometimes"
• Previous message: Alan Cox: "Re: Multiple Keyboards in 2.2/2.4?"
• In reply to: Alan Cox: "Re: linux kernel TCP, network connections and iptables"
• Next in thread: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
• Reply: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Sep 07 2000 - 21:00:31 EST