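On how to limit speed using iptables (without tc)
TC also limits by the number of packets; haven't you noticed that you always have to specify the average packet size when configuring tc?
tc will not tell the other side to slow down or anything like that; tc does not work at the TCP layer.
Furthermore, TCP does not limit speed by telling the other side to slow down either; it adjusts its sending rate automatically through the window mechanism.
Likewise, the design of any reliable, connection-oriented transport protocol will have a mechanism similar to the window. A large window makes more efficient use of the network and raises transfer speed; a small window, however, suits network environments with heavy packet loss.
In addition, I looked at the kernel: Linux does not send ICMP_SOURCE_QUENCH packets, and apart from the TCP protocol, nothing handles ICMP_SOURCE_QUENCH packets either.
Below is a description of ICMP_SOURCE_QUENCH that I found: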
-------------------
The severity of the spoofing of ICMP Source Quench packets is likely to be moderate to low because the support of routers for Source Quench as a means of congestion control has been deprecated for ten years. RFC 1812 section 5.3.6 states: "As described in Section [4.3.3.3], this document recommends that a router SHOULD NOT send a Source Quench to the sender of the packet that it is discarding. ICMP Source Quench is a very weak mechanism, so it is not necessary for a router to send it, and host software should not use it exclusively as an indicator of congestion." On the other hand, RFC 1122 section 4.2.3.9 states that "TCP MUST react to a Source Quench by slowing transmission on the connection", a statement honoured in a number of TCP implementations. To mitigate Source Quench attacks using spoofed IP addresses in the payload, ICMP Source Quench (ICMP Type 4) messages should not be allowed through routers or through firewalls at the organisational perimeter. It is reasonable to allow routers to block Source Quench packets if their use is deprecated.
---------------
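To make the quoted point about spoofed addresses in the Source Quench payload concrete, here is an added example (not part of the original post) that parses an ICMP type 4 message and checks whether the TCP flow it quotes is one the host actually has open. The function names, the `local_flows` set and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

ICMP_SOURCE_QUENCH = 4  # ICMP type 4, as named in the quoted text

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_source_quench(icmp: bytes):
    """Return (src, sport, dst, dport) of the TCP flow quoted in a Source
    Quench message, or None if it is not a well-formed type 4 message."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != ICMP_SOURCE_QUENCH or icmp[1] != 0:
        return None
    if inet_checksum(icmp) != 0:
        return None
    inner = icmp[8:]                      # quoted IP header + 8 bytes of payload
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    if inner[9] != socket.IPPROTO_TCP:
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def classify(icmp: bytes, local_flows: set) -> str:
    """Label a message for logging; local_flows is a hypothetical caller-supplied set."""
    flow = parse_source_quench(icmp)
    if flow is None:
        return "not-valid-source-quench"
    return "quotes-known-flow" if flow in local_flows else "quotes-unknown-flow"

def build_sample(src, sport, dst, dport) -> bytes:
    """Constructed test message (documentation addresses), not captured traffic."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    body = b"\x00" * 4 + ip + struct.pack("!HHI", sport, dport, 1)
    head = struct.pack("!BBH", ICMP_SOURCE_QUENCH, 0, 0)
    cksum = inet_checksum(head + body)
    return struct.pack("!BBH", ICMP_SOURCE_QUENCH, 0, cksum) + body
```

A message labelled `quotes-unknown-flow` refers to a connection the host never opened, which is the case a perimeter filter on ICMP type 4 removes entirely.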