bad ping responder == bad PR ;-)
And anyway, who is anyone to judge what the system should be used
for?
I want a system to respond to ping without limitations; it's good
for debugging, diagnostics, etc. If I want, I can just filter the
requests out, or rate-limit the responses.
People who want to do strange stuff can tweak via sysctl.
However, ICMP error messages cannot be effectively filtered; they
may happen due to TTL=0 when forwarding, legit or illegit UDP
connection etc.; the only way to effectively limit them is by
rate-limiting. If rate-limiting for informational and error
types is the same, we have an inflexible situation here.
Networks are lossy, you can spill the odd packet anyhow.
It was just a suggestion that we merge all ICMP rate-limiting for
simplicity, I don't see it being an issue for the majority of users.
Perhaps I am wrong, in which case DaveM and Alexey will ignore me :)
I really don't see the need to continue to discuss this further on the
list, but by all means flame me in private!
--cw