From owner-freebsd-net Thu Jun 7 1:29:51 2001 Delivered-To: freebsd-net@freebsd.org Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id 2102537B406; Thu, 7 Jun 2001 01:29:48 -0700 (PDT) (envelope-from luigi@info.iet.unipi.it) Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id KAA40095; Thu, 7 Jun 2001 10:25:35 +0200 (CEST) (envelope-from luigi) From: Luigi Rizzo Message-Id: <200106070825.KAA40095@info.iet.unipi.it> Subject: Re: using ipfw's ``pipe'' to limit icmp traffic In-Reply-To: <3B1F0EC3.28C7A21C@herbelot.com> from Thierry Herbelot at "Jun 7, 2001 07:18:59 am" To: Thierry Herbelot Date: Thu, 7 Jun 2001 10:25:35 +0200 (CEST) Cc: mi@aldan.algebra.com, question@FreeBSD.ORG, net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > if it ever needs more than 64Kbit/s, it is an attack... > > > > This seems to work, but when I try to ping something outised the > > network, the ping time is around 10 msec. Without the above piping, it > > is around 0.5 msec. It is the bandwidth, that I'm trying to limit, not > > the minimum latency! > > the pipe facility is using the kernel clock, which has a default > frequency of 100 Hz (thus the 10ms latency). on top of this, 512 bit (64 bytes) take about 8ms to run through a 64Kbit/s pipe (transmission time) so even reducing the granularity will not change things much. cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message