David Miller <da...@davemloft.net> wrote: > > One could argue, I suppose, that things should've been arranged that the > > RxRPC client would manage the lifetime of each connection it sets up, > > rather than both ends letting it lapse by mutual loss of interest. But > > you *still* have to have a timeout, lest the client die and not close its > > connection. > > But the point is if there is no limitation on the number of these connections > that can be setup.... wait for troubles. > > And if you try to put in some kind of limit to handle this, it's then > easy for the bad guy to block out other legitimate users.
I can put in a limit per peer, where a 'peer' is either a particular remote UDP port or particulat remote host. TCP has this by virtue of having a limited number of ports available per IP address. But if I have 10 IP addresses available, I can attempt to set up half a million TCP connections to a server simultaneously. If I have access to a box that has an NFS mount on it, I can potentially open sufficient TCP ports that the NFS mount can't make a connection if it's not allowed to use privileged ports. Am I right in thinking that you have decided that it can't be done and shouldn't be done? David
