Don Cohen
2002-03-01 01:53:15 UTC
qdisc (shaper) only for outgoing data. It is generally
believed to be dumb to throttle data when they already
reached your computer or gateway.
The only reason I've ever been able to see for incoming data shaping is
to reorder packets so that, for example, FINs are sent to their
respective applications before SYNs (just an example) or ACKs before data.
be forwarded, since the same shaping can be done at output.
However, it does seem useful to be able to shape the incoming traffic
destined for the local machine.
For example, suppose this machine is running a server that you want
to limit to 10 connections/minute. It seems reasonable to do this
by limiting the rate at which syns are delivered to that server.
That might be a lot easier than trying to modify the server.
You might argue that doing it in the server would have the advantage
of being able to make more intelligent decisions about which ones to
accept and which to drop, but in fact the opposite could also be the
case. (I'm working on a project that provides an example.)
Similarly, as a way to limit resource usage, you might want to limit
the rate at which a server or client gets input (and sends output, but
you can already do that).
What I find frustrating is that, as a firewall, I can already do this
stuff for the servers (and clients) running on OTHER hosts, but I
can't do it for those running on the local machine!
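
A sketch of the SYN rate limiting described in the message above, added here as an illustration and not part of the original post: a token bucket that polices only connection-opening SYNs addressed to one local port and lets everything else through. The class and function names, port 8080, the burst of 3 and the packet list are all constructed for the example.

```python
SYN, ACK = 0x02, 0x10  # TCP flag bits

class SynPolicer:
    """Token bucket in integer credit units: one SYN costs 60 credits,
    and credit accrues at rate_per_min credits per second."""
    COST = 60

    def __init__(self, rate_per_min=10, burst=3):
        self.rate = rate_per_min
        self.cap = burst * self.COST   # burst size is an assumption
        self.credit = self.cap         # start with a full bucket
        self.last = 0

    def allow(self, now):
        # Refill for the elapsed time, never beyond the burst cap.
        self.credit = min(self.cap, self.credit + (now - self.last) * self.rate)
        self.last = now
        if self.credit >= self.COST:
            self.credit -= self.COST
            return True
        return False

def deliver(packets, port, policer):
    """Split (timestamp, flags, dport) tuples into delivered and dropped.
    Only pure SYNs (SYN set, ACK clear) to `port` are rate limited."""
    delivered, dropped = [], []
    for pkt in sorted(packets):
        ts, flags, dport = pkt
        new_conn = dport == port and flags & SYN and not flags & ACK
        if new_conn and not policer.allow(ts):
            dropped.append(pkt)
        else:
            delivered.append(pkt)
    return delivered, dropped

def demo():
    # Constructed traffic: one SYN per second to the limited server for 30 s,
    # plus an ACK on an existing connection and a SYN to a different port.
    packets = [(t, SYN, 8080) for t in range(30)]
    packets += [(3.5, ACK, 8080), (4.5, SYN, 22)]
    return deliver(packets, 8080, SynPolicer(rate_per_min=10, burst=3))

if __name__ == "__main__":
    ok, lost = demo()
    print("SYNs delivered at:", [p[0] for p in ok if p[1:] == (SYN, 8080)])
    print("dropped:", len(lost))
```

After the initial burst is spent, the server sees one new connection attempt every 6 seconds, while traffic on established connections and to other ports is untouched.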