I just pushed a rate limiting cleanup. The old rate limiting was carefully tuned to match what a single well behaved client would send. That doesn't leave room for several clients behind a NAT box.
The code now allows 1 packet per second average with a burst of 20. (There is no way to change those yet.) ntpq/mrulist has 2 new columns. "drop" is the number of dropped packets. "score" is what feeds the rate limiting test. I think I've got everything scaled such that score is packets per second. mrulist now allows sorting by score and drop. There are also new filtering options: mindrop, minscore, and minlstint. There was an undocumented maxlstint. minlstint gets the other end of the list. If you have a server that gets a lot of traffic, please test and poke around with the new mrulist options. The attached will look better in a fixed width font. I can't tell if the crap is DDoS or really crappy code. ---------- The CI stuff failed. debian-unstable can't find CMAC_CTX_new. That comes from OpenSSL.
ntpq> mru sort=score minscore=100 Ctrl-C will stop MRU retrieval and display partial results. lstint avgint rstr r m v count score drop rport remote address ===================================================================== 7916 0.012 f0 L 3 3 6424 298.365 6403 123 75.127.208.210 15285 0.009 f0 L 3 3 8509 385.730 8489 123 75.127.185.186 2423 2.22 f0 L 3 3 12912 542.655 12885 123 142.112.43.208 21471 0.004 f0 L 3 3 13548 572.857 13527 123 66.193.26.54 11220 0.909 f0 L 3 4 16975 666.321 16943 123 68.184.190.238 4739 0.003 f0 L 3 4 18464 724.143 18439 123 209.49.58.146 3619 0.001 f0 L 3 4 21770 788.461 21750 634 4.14.252.174 31624 0.007 f0 L 3 4 20246 794.558 20212 123 190.218.26.192 3619 0.001 f0 L 3 4 22767 826.003 22747 634 4.79.238.58 10863 0.003 f0 L 3 3 52110 1379.856 52086 123 73.98.90.152 32543 0.001 f0 L 3 4 116145 4569.502 116120 123 189.172.189.75 5820 0.065 f0 L 3 3 290249 6028.799 290207 634 63.98.240.2 10964 0.001 f0 L 3 3 158018 6210.676 157996 634 68.15.45.113 32216 0.001 f0 L 3 3 199275 7821.732 199255 123 208.105.116.74 # Collected 14 slots in 0.185 seconds ntpq> mru sort=drop mindrop=100000 Ctrl-C will stop MRU retrieval and display partial results. lstint avgint rstr r m v count score drop rport remote address ===================================================================== 32793 0.001 f0 L 3 4 116145 4569.502 116120 123 189.172.189.75 7672 0.099 d0 . 3 3 116533 0.206 116503 123 50.233.222.130 11213 0.001 f0 L 3 3 158018 6210.676 157996 634 68.15.45.113 5099 0.161 d0 . 3 4 163711 0.236 163659 123 12.183.201.66 32465 0.001 f0 L 3 3 199275 7821.732 199255 123 208.105.116.74 6069 0.065 f0 L 3 3 290249 6028.799 290207 634 63.98.240.2 # Collected 6 slots in 0.196 seconds
-- These are my opinions. I hate spam.
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
