Date: Fri, 21 Jun 2002 15:46:43 +0200 (CEST)
From: Attila Nagy
To: Giorgos Keramidas
Cc: Luigi Rizzo, Terry Lambert
Subject: Re: Limiting clients per source IP address (ftpd, inetd, etc.)
In-Reply-To: <20020621133626.GC2476@hades.hell.gr>
Sender: owner-freebsd-hackers@FreeBSD.ORG

Hello,

> The main reason I was looking for a userland implementation of this was
> that adding limiting to an FTP server that has an active number of a few
> thousand connections might be a little resource intensive to the kernel
> of the machine. It's probably OK to stay a bit too much within a
> userland function that searches a hash/list of addresses, but doing this
> in the kernel, is something I can't say I fully understand yet.

Not only this. For example take the normal inetd behaviour for an FTP
server. If the ftpd child processes grow above the limit, inetd simply
won't spawn others. The users think that the service is dying (because it
can be pinged, but the client can't log on) and begin to flame the
operator (such a lame service :).

Imagine this with the per IP address limit (this will hit more users,
because of proxies, NAT boxes, etc). I think it is much better if the
daemon can report this via a simple text message.

The user limit thing is the last which is necessary to the FreeBSD ftpd
for running an anonymous server.

--------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]-------
Attila Nagy                             e-mail: Attila.Nagy@fsn.hu
Free Software Network (FSN.HU)          phone @work: +361 210 1415 (194)
                                        cell.: +3630 306 6758
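Added example, not part of the original message and not FreeBSD ftpd code: a userland per-source-address session table of the kind the thread discusses, which answers an over-limit client with an FTP 421 reply instead of silently refusing it. It assumes a standalone daemon whose parent process accepts connections and calls session_close() when a session ends; SLOTS, MAX_PER_IP and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS      4096  /* table size, power of two (assumed value) */
#define MAX_PER_IP 2     /* sessions allowed per address (assumed value) */

struct slot { uint32_t addr; unsigned count; int used; };
static struct slot table[SLOTS];

/* Open-addressing lookup; slots whose count fell to 0 are recycled. */
static struct slot *find(uint32_t addr, int create)
{
    struct slot *spare = NULL;
    uint32_t h = (addr * 2654435761u) >> 20;  /* top 12 bits: 0..4095 */
    for (unsigned i = 0; i < SLOTS; i++) {
        struct slot *s = &table[(h + i) & (SLOTS - 1)];
        if (s->used && s->addr == addr)
            return s;
        if (s->count == 0 && spare == NULL)
            spare = s;            /* never used, or idle: reusable */
        if (!s->used)
            break;                /* end of the probe chain */
    }
    if (!create || spare == NULL)
        return NULL;              /* unknown address, or table full */
    *spare = (struct slot){ .addr = addr, .count = 0, .used = 1 };
    return spare;
}

/* Returns 1 if admitted, 0 if refused; reply receives the FTP greeting. */
int session_open(uint32_t addr, char *reply, size_t len)
{
    struct slot *s = find(addr, 1);
    if (s == NULL || s->count >= MAX_PER_IP) {   /* full table fails closed */
        snprintf(reply, len, "421 Too many connections from your address "
                 "(limit %d), try again later.\r\n", MAX_PER_IP);
        return 0;
    }
    s->count++;
    snprintf(reply, len, "220 FTP server ready.\r\n");
    return 1;
}

/* Call when the session for addr ends (e.g. its child process exits). */
void session_close(uint32_t addr)
{
    struct slot *s = find(addr, 0);
    if (s != NULL && s->count > 0)
        s->count--;
}
```

Because many users can share one address behind a proxy or NAT box, the limit value is a policy choice; the 421 text tells those users why they were refused.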