Date: Fri, 21 Jun 2002 15:46:43 +0200 (CEST) From: Attila Nagy <bra@fsn.hu> To: Giorgos Keramidas <keramida@FreeBSD.org> Cc: Luigi Rizzo <rizzo@icir.org>, Terry Lambert <tlambert2@mindspring.com>, <hackers@FreeBSD.org> Subject: Re: Limiting clients per source IP address (ftpd, inetd, etc.) Message-ID: <Pine.LNX.4.44.0206211539180.907-100000@scribble.fsn.hu> In-Reply-To: <20020621133626.GC2476@hades.hell.gr> References: <20020621000924.GA2178@hades.hell.gr> <3D129CA8.EFADA4FF@mindspring.com> <20020620222032.A73450@iguana.icir.org> <3D12CE82.C6761D96@mindspring.com> <20020621003518.A77089@iguana.icir.org> <20020621133626.GC2476@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, > The main reason I was looking for a userland implementation of this was > that adding limiting to an FTP server that has an active number of a few > thousand connections might be a little resource intensive to the kernel > of the machine. It's probably OK to stay a bit to much within a > userland function that searches a hash/list of addresses, but doing this > in the kernel, is something I can't say I fully understand yet. Not only this. For example take the normal inetd behaviour for an FTP server. If the ftpd child processes grow above the limit, inetd simply won't spawn others. The users think that the service is dying (because it can be pinged, but the client can't log on) and begin to flame the operator (such a lame service :). Imagine this with the per IP address limit (this will hit more users, because of proxies, NAT boxes, etc). I think it is much better if the daemon can report this via a simple text message. The user limit thing is the last which is necessary to the FreeBSD ftpd for running an anonymous server. --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0206211539180.907-100000>