Re: Ques on Diffserv on egress side only [Jamal pls read]
> > to prevent several cases of DoS attacks but new (2.4)
> > kernel has support for it in its netfilter.
> You mean apart from ingress qdisc?
yes. new firewall code can select packets not only
by their content but also can measure their rate.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
see also --limit-burst
> > is your router which has this setup:
> > ---->--link1
> > [Box1]-->--link-->--[Queues][Box2]-+--->--link2
> > ---->--link3
> So does it make a difference if you do:
> [Box1]-->--link-->--[Box2][Queues] -+--->--link2
> I am almost (99%) sure it doesn't. I'll give you the 1%.
thanks for 1% chance ;-). Yes it WOULD be the same. but
your proposal can't be done in linux. Instead linux will
do it in this way:
There is no possibility to have common queue for multiple
So I solved it by theorem you already said: it is the
same to have common queue for multiple ifaces or to have
Implementing common queue for two ifaces is very complex task
(almost unrealisable) but implementing ingress queue is simple.
> -> DMA -> backlog_queue -> Devik's_ingress_queue_here -> egress_queue).
> As you can see above, delaying them at the Devik's_ingress_queue_here or
> egress_queue would not make a difference. This is a shared bus media and
Yes but I'm not doing it for timing reasons or because I just
like to have queue at ingress. I only want to implement pictures
above - to have one queue for some aggregate flow. It is hack
but it is probably only way how to do it.
Is it more clear now? Have you another idea how to implement them?
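
Added example, not part of the original message: a simplified integer token-bucket model of how the `limit` match in the iptables rule above treats an echo-request flood with `--limit 1/s` and the default `--limit-burst` of 5. The arrival times are constructed, the names are hypothetical, and the DROP fall-through stands for an assumed following rule or chain policy that the message does not show.

```python
class LimitMatch:
    """Simplified model of '-m limit': one credit accrues per millisecond."""

    def __init__(self, interval_ms=1000, burst=5):
        self.cost = interval_ms          # credits one matching packet consumes
        self.cap = interval_ms * burst   # --limit-burst caps the saved credit
        self.credit = self.cap           # bucket starts full
        self.prev = None

    def matches(self, now_ms):
        if self.prev is not None:
            self.credit = min(self.cap, self.credit + (now_ms - self.prev))
        self.prev = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


def verdicts(arrivals_ms, interval_ms=1000, burst=5, fallthrough="DROP"):
    """Verdict per echo-request: ACCEPT while the limit rule matches,
    otherwise whatever the next rule or chain policy decides (assumed)."""
    rule = LimitMatch(interval_ms, burst)
    return ["ACCEPT" if rule.matches(t) else fallthrough for t in arrivals_ms]


# Constructed traffic: a 100 packet/s flood for 3 s, and a slow legitimate ping.
FLOOD_MS = list(range(0, 3000, 10))
PING_MS = [0, 2000, 4000, 6000]

if __name__ == "__main__":
    for name, arrivals, kwargs in [
        ("flood, burst 5", FLOOD_MS, {}),
        ("flood, burst 1", FLOOD_MS, {"burst": 1}),
        ("slow ping", PING_MS, {}),
        ("flood, policy ACCEPT", FLOOD_MS, {"fallthrough": "ACCEPT"}),
    ]:
        v = verdicts(arrivals, **kwargs)
        print(f"{name}: {v.count('ACCEPT')} accepted of {len(v)}")
```

The last case shows that the rule limits nothing by itself: packets over the rate simply do not match it, so they are only dropped if a later rule or the chain policy drops them.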