Hi, On Fri, Jun 24, 2022 at 11:13:40AM +0200, Antonio Quartulli wrote: > do we still need this patch after having merged Arne's HMAC feature?
Yes and no.
*This* patch won't apply anymore, but Arne said "we're now much faster
in replying to packets than ever before" so we might indeed need a
per-source-ip rate-limiter, to something like "10 per 10 seconds" or
so (inventing arbitrary number that should be more than enough even
for "5 users behind the same NAT reconnect at the same time", while
at the same time too low to cause harm as a reflector) for the
initial reply.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
