Date: Mon, 28 Oct 2002 19:10:03 -0800 (PST)
Message-Id: <200210290310.g9T3A30F003625@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: kenji@k2r.org
Subject: Re: misc/39787: T/TCP support
Reply-To: kenji@k2r.org

The following reply was made to PR misc/39787; it has been noted by GNATS.

From: kenji@k2r.org
To: freebsd-gnats-submit@FreeBSD.org, dhuang@qobra.com
Cc: kenji@k2r.org
Subject: Re: misc/39787: T/TCP support
Date: 29 Oct 2002 12:00:17 +0900

The reason for this behavior is documented in
/usr/src/sys/netinet/tcp_syncache.c
(I quote from the 4.6.2-RELEASE version,
src/sys/netinet/tcp_syncache.c,v 1.5.2.6)
as follows, just before the function syncache_add():

- quote -
 * IMPORTANT NOTE: We do _NOT_ ACK data that might accompany the SYN.
 * Doing so would require that we hold onto the data and deliver it
 * to the application.  However, if we are the target of a SYN-flood
 * DoS attack, an attacker could send data which would eventually
 * consume all available buffer space if it were ACKed.  By not ACKing
 * the data, we avoid this DoS scenario.
- unquote -

So I'd rather consider this as an *intentional feature* of FreeBSD
to block SYN-flooding.

// Kenji Rikitake
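
The behavior the quoted comment describes, as an added example that is not part of the original message and is not FreeBSD source: a simplified C model of the ACK number a listener returns for a SYN that carries data, and of how much payload it would have to hold under each choice. All names are hypothetical and the sample segments are constructed.

```c
/* Added example: simplified model, not FreeBSD source. Names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct syn_seg {
    uint32_t seq;       /* client's initial sequence number */
    uint16_t data_len;  /* payload bytes carried on the SYN itself */
};

enum syn_policy { ACK_SYN_ONLY, ACK_SYN_AND_DATA };

/* ACK number for the SYN-ACK; uint32_t arithmetic wraps like TCP sequence space. */
uint32_t synack_ack(const struct syn_seg *s, enum syn_policy p)
{
    uint32_t ack = s->seq + 1u;              /* the SYN consumes one sequence number */
    if (p == ACK_SYN_AND_DATA)
        ack += s->data_len;                  /* ACKed data must be kept for delivery */
    return ack;
}

/* Payload bytes a listener must hold for half-open connections under a policy. */
size_t bytes_held(const struct syn_seg *segs, size_t n, enum syn_policy p)
{
    size_t held = 0;
    for (size_t i = 0; i < n; i++)
        if (p == ACK_SYN_AND_DATA)
            held += segs[i].data_len;
    return held;
}

/* Classify an observed SYN-ACK: 0 = data not ACKed, 1 = data ACKed, -1 = neither. */
int synack_acked_data(const struct syn_seg *s, uint32_t observed_ack)
{
    if (observed_ack == synack_ack(s, ACK_SYN_ONLY))
        return 0;
    if (s->data_len > 0 && observed_ack == synack_ack(s, ACK_SYN_AND_DATA))
        return 1;
    return -1;
}

int main(void)
{
    /* Constructed sample: three SYNs carrying data, one at the sequence wrap. */
    struct syn_seg segs[] = { {1000u, 1460}, {0xFFFFFFFFu, 1460}, {42u, 512} };
    printf("held, data ACKed: %zu\n", bytes_held(segs, 3, ACK_SYN_AND_DATA));
    printf("wrap ack: %u\n", (unsigned)synack_ack(&segs[1], ACK_SYN_ONLY));
    return 0;
}
```

In a packet capture, synack_acked_data() returning 0 for a SYN that carried payload matches the behavior reported in this PR: the client has to retransmit the data after the handshake completes.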