Date: Sun, 17 Sep 2000 15:44:07 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Alfred Perlstein <alfred@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern uipc_accf.c src/sys/netinet accf_http.c src/sys/sys socketvar.h Message-ID: <200009171944.PAA58478@khavrinen.lcs.mit.edu> In-Reply-To: <20000907022131.V18862@fw.wintelcom.net> References: <200009061849.LAA34906@freefall.freebsd.org> <20000907023342.G656@hand.dotat.at> <20000907022131.V18862@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[Clearing out some old mail...] <<On Thu, 7 Sep 2000 02:21:31 -0700, Alfred Perlstein <alfred@FreeBSD.org> said: > That's possible, but right now I'd like to fix the way listen() > overflows are handled. (make them FIFO) Listen queue overflows are handled the way they are in order to mitigate certain classes of DoS attacks. As it happens, I think the code is not written as efficiently as it could have been[1], but drop-tail is definitely the wrong queueing model for the listen queue. -GAWollman [1] Specifically, the code attempts to implement random drop, but does so in rather inefficiently. Rather than indexing the listen queue to find a random connection to drop, a more efficient implementation would implement the strategy described in the RED paper; that being to choose a random interval (with mean proportional to the average fullness of the queue) and then simply drop the new connection at that interval. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009171944.PAA58478>