search for: ratelimiting

Hi, Please advise how to use Response Rate Limiting on a server which has multiple NSD server processes (nsd.conf server section has server-count > 1). We have a problem with NSD v3.2.16 repeatedly unblocking and blocking again a single source which is flooding positive queries at a ~steady 700 qps rate. rrl-ratelimit setting is the default 200 qps. The unblock-block happens multiple times

Building today in git - kernel 2.6.32 (git) + nouveau (git). Failed as nouveau_irq.c doesn't include <linux/ratelimit.h> Added the include to nouveau_irq.c and was able to compile... not sure that's where it ought to go.

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

According to the F.A.Q. there''s a patch to do ratelimiting: http://etudiant.univ-mlv.fr/~jpetazzo/bytelimit.tgz Going with the thought that this is current..I tried it. I wasn''t able to get it to compile, as support for invert was causing a failure(i think). But i was able to get it to compile when I changed line 73 and my box loaded the module....

A user reported getting spammed when moving to 3.0 by this message. Since we switched to the normal checksumming infrastructure all old free space caches will be wrong and need to be regenerated so people are likely to see this message a lot, so ratelimit it so it doesn''t fill up their logs and freak them out. Thanks, Reported-by: Andrew Lutomirski <luto@mit.edu> Signed-off-by:

...xample code illustrates this: int main(void) { int fd = open("/dev/dri/card0", O_RDONLY); if (fd == -1) err(1, "open failed"); for (;;) { void *m = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd, 0); if (m != MAP_FAILED) munmap(m, 4096); } } Reduce the spamming by ratelimiting the pr_info messages. Signed-off-by: Colin Ian King <colin.king at canonical.com> --- drivers/gpu/drm/qxl/qxl_ttm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c index 7ecf8a4b9fe6..6502e699f462 100644 --- a...

...xample code illustrates this: int main(void) { int fd = open("/dev/dri/card0", O_RDONLY); if (fd == -1) err(1, "open failed"); for (;;) { void *m = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd, 0); if (m != MAP_FAILED) munmap(m, 4096); } } Reduce the spamming by ratelimiting the pr_info messages. Signed-off-by: Colin Ian King <colin.king at canonical.com> --- drivers/gpu/drm/qxl/qxl_ttm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c index 7ecf8a4b9fe6..6502e699f462 100644 --- a...

Dear NSD users, Here is the release candidate for NSD 3.2.15. This comes with ILNP support, NSD-RRL and different TSIG initialization (it fails if it can't find no suitable algorithms, instead of can't find 'one of the'). Plus some bugfixes. The NSD-RRL implementation is based on the work by Vixie and Schryver. However, because of the code-diversity argument that is at the basis

...open failed"); > > for (;;) { > void *m = mmap(NULL, 4096, PROT_READ, > MAP_SHARED, fd, 0); > if (m != MAP_FAILED) > munmap(m, 4096); > } > } > > Reduce the spamming by ratelimiting the pr_info messages. > > Signed-off-by: Colin Ian King <colin.king at canonical.com> > --- > drivers/gpu/drm/qxl/qxl_ttm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c > index 7...

On Tue, Sep 12, 2017 at 03:02:04PM +0100, Emil Velikov wrote: > That said, I'm not sure how useful the information is - perhaps it's > better to drop it all together? Or a WARN_ONCE(). regards, dan carpenter

Avoid flooding the log in case we screw up badly. Signed-off-by: Gerd Hoffmann <kraxel at redhat.com> --- drivers/gpu/drm/virtio/virtgpu_vq.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c index 5914e79d3429..83f22933c3bb 100644 --- a/drivers/gpu/drm/virtio/virtgpu_vq.c +++

On Tue, Sep 12, 2017 at 03:02:04PM +0100, Emil Velikov wrote: > That said, I'm not sure how useful the information is - perhaps it's > better to drop it all together? Or a WARN_ONCE(). regards, dan carpenter

Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate

I think it would be nice to be able to rate limit an action, too.. suppose I have an action named Accept_good_source : ACCEPT - - tcp - 1024:65535 ACCEPT - - udp - 1024:65535 and that i want to use it in an action called AllowCVS, i can''t limit the cvs usage, but only the general use of Accept_good_source... same goes for userset... as each rule will give one iptables command, I

Hi All it is possible to tune dom0/domU for better IO/network performance? Since I have changed to Cenots7 dom0, I have a really poor IO performance inside a PV VM. I have already done what is described on http://wiki.xenproject.org/wiki/Tuning_Xen_for_Performance It is better now but still significantly worse than with centos6 dom0 my settings: xen parameter: dom0_mem=1024M cpufreq=xen

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

The PAGE_POISON macro is used in page_poison.c only, so avoid exporting it. Also remove the "mm/debug-pagealloc.c" related comment, which is obsolete. Signed-off-by: Wei Wang <wei.w.wang at intel.com> Cc: Andrew Morton <akpm at linux-foundation.org> Cc: Michal Hocko <mhocko at kernel.org> Cc: Michael S. Tsirkin <mst at redhat.com> --- include/linux/poison.h | 7

The PAGE_POISON macro is used in page_poison.c only, so avoid exporting it. Also remove the "mm/debug-pagealloc.c" related comment, which is obsolete. Signed-off-by: Wei Wang <wei.w.wang at intel.com> Cc: Andrew Morton <akpm at linux-foundation.org> Cc: Michal Hocko <mhocko at kernel.org> Cc: Michael S. Tsirkin <mst at redhat.com> --- include/linux/poison.h | 7

On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <joro at 8bytes.org> wrote: > > From: Joerg Roedel <jroedel at suse.de> > > Send SIGBUS to the user-space process that caused the #VC exception > instead of killing the machine. Also ratelimit the error messages so > that user-space can't flood the kernel log. What would cause this? CPUID? Something else? --Andy

People are proposing rate-limiting built into BIND, to defend against some DoS attackes (a proposal <http://fanf.livejournal.com/122111.html> and its implementation <https://github.com/fanf2/bind-9/blob/master/doc/misc/ratelimiting>). What is the current thinking for NSD? (It is a truly open question, do not take it as "this guy requires rate-limiting in NSD".)