> in some way this "pretending to be a feature" issue should be cleaned up.
Did you receive the patch? It is supposed to fix this.
The cost of the patch is that high-cost messages open a way to send bursts
of low-cost ones. Probably, it is even reasonable.
(Plus it has a buglet, misbehaving when the rate limit is relaxed.
Not a big deal either.)
> consequently since there is only one token bucket, there can only be one
> icmp rate limit. we can add an icmp type mask to enable/disable rate limiting
> for certain types.
Yes. Logically this is 100% right. Also, see below.
> whole thing overbloated.
> using lazy instantiation would be the third option I could think
Yes, only this is surely overbloat. :-)
Actually, I would prefer to limit only icmp errors (not echo)
and all in one pool. Leaving all the rest as an option, which can
be made with CBQ.