netdev.vger.kernel.org archive mirror
From: "Philip A. Prindeville" <philipp_subx@redfish-solutions.com>
To: David Miller <davem@davemloft.net>
Cc: torsten.schmidt@s2006.tu-chemnitz.de, netdev@vger.kernel.org
Subject: Re: [PATCH] ipv4: add DiffServ priority based routing
Date: Thu, 11 Mar 2010 12:32:56 -0700
Message-ID: <4B994568.4010003@redfish-solutions.com>
In-Reply-To: <20100311.112941.177105216.davem@davemloft.net>

On 03/11/2010 12:29 PM, David Miller wrote:
> From: "Philip A. Prindeville" <philipp_subx@redfish-solutions.com>
> Date: Thu, 11 Mar 2010 12:25:24 -0700
> 
>> I agree with the notion that certain values should be set site-wide
>> (or at least system-wide) to prevent malicious users from exploiting
>> QoS...  that's why I've been advocating for QoS settings to be
>> specified in a system configuration file, and not a per-user
>> configuration file.
> 
> So I can set whatever I want on my personal workstation.
> 
> I'm sure sysadmins will be happy about that.
> 
> Look, this doesn't work.  QoS handling and policy belongs in the
> egress point to the network, it's the only way to control this
> properly and prevent abuse.


Well, anyone who has 'root' on their workstation can already do a fair amount of damage on a network... we're not letting any new genies out of the bottle... we're just giving them more room to stretch.

"QoS handling and policy belongs in the egress point to the network, it's the only way to control this properly and prevent abuse."

Except that it doesn't.  As I pointed out in another email, TFTP, FTP-Data, and RTP are very hard to categorize correctly.

For that matter, so is SSH, since it can be an interactive shell session, an SCP file transfer, or a mix of various tunneled protocols like X and LPR.

So by the time packets get to the egress point, oftentimes you've lost sufficient information to adequately categorize them.

