
Re: missing icmp errors for udp packets

To: Pekka Savola <pekkas@xxxxxxxxxx>
Subject: Re: missing icmp errors for udp packets
From: Chris Wedgwood <cw@xxxxxxxx>
Date: Wed, 1 Aug 2001 08:53:36 +1200
Cc: kuznet@xxxxxxxxxxxxx, therapy@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, davem@xxxxxxxxxx
In-reply-to: <Pine.LNX.4.33.0107312249230.20772-100000@netcore.fi>
References: <Pine.LNX.4.33.0107312249230.20772-100000@netcore.fi>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.3.18i

On Tue, Jul 31, 2001 at 10:59:39PM +0300, Pekka Savola wrote:

    bad ping responder == bad PR ;-)

    And anyway, who is anyone to judge what the system should be used
    for?

    I want a system to respond to ping without limitations; it's good
    for debugging, diagnostics, etc.  If I want, I can just filter the
    requests out, or rate-limit the responses.

People who want to do strange stuff can tweak via sysctl.

    However, ICMP error messages cannot be effectively filtered; they
    may happen due to TTL=0 when forwarding, legit or illegit UDP
    connection etc.; only way to effectively limit them is by
    rate-limiting.  If rate-limiting with informational and error
    types are the same, we have an inflexible situation here.

Networks are lossy, you can spill the odd packet anyhow.

It was just a suggestion that we merge all ICMP rate-limiting for
simplicity, I don't see it being an issue for the majority of users.

Perhaps I am wrong, in which case DaveM and Alexey will ignore me :)

I really don't see the need to continue to discuss this further on the
list, but by all means flame me in private!





  --cw
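
A simplified model of the trade-off discussed in this message, added here as an example and not part of the original e-mail or of the kernel source: it counts how many ICMP errors get sent when echo replies and errors draw from one token bucket versus when errors have their own. The bucket parameters (one token per 100 ms, burst of 5) and the traffic pattern are constructed assumptions.

```c
#include <stdio.h>

/* Simplified token bucket: one token per interval_ms, at most `burst` saved.
   A model for illustration only, not the kernel's implementation. */
struct bucket { long interval_ms, burst, tokens, last_ms; };

static int bucket_allow(struct bucket *b, long now_ms)
{
    long earned = (now_ms - b->last_ms) / b->interval_ms;
    if (earned > 0) {
        b->tokens += earned;
        if (b->tokens > b->burst)
            b->tokens = b->burst;
        b->last_ms += earned * b->interval_ms;
    }
    if (b->tokens == 0)
        return 0;               /* over the limit: reply is suppressed */
    b->tokens--;
    return 1;
}

/* Constructed traffic for `seconds`: an echo request every echo_gap_ms and a
   packet that needs an ICMP error every err_gap_ms. Returns errors sent.
   shared=1: one limiter for all ICMP; shared=0: errors have their own. */
static long errors_sent(int shared, long seconds, long echo_gap_ms, long err_gap_ms)
{
    struct bucket all = {100, 5, 5, 0}, err = {100, 5, 5, 0};
    long sent = 0;

    for (long t = 0; t < seconds * 1000; t++) {
        if (shared && t % echo_gap_ms == 0)
            bucket_allow(&all, t);      /* echo reply takes a shared token */
        if (t % err_gap_ms == 0 && bucket_allow(shared ? &all : &err, t))
            sent++;
    }
    return sent;
}

int main(void)
{
    /* 1000 echo requests/s against 4 error-worthy packets/s, for 10 s */
    printf("separate limiters: %ld of 40 errors sent\n", errors_sent(0, 10, 1, 250));
    printf("shared limiter:    %ld of 40 errors sent\n", errors_sent(1, 10, 1, 250));
    printf("shared, 1 ping/s:  %ld of 40 errors sent\n", errors_sent(1, 10, 1000, 250));
    return 0;
}
```

With light ping traffic the shared limiter loses nothing; the difference only appears when the echo rate alone exceeds the limit.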
