Date: Fri, 9 Jan 2004 21:57:58 +0300 (MSK)
From: Maxim Konovalov
To: Andre Oppermann
cc: Robert Watson
cc: current@freebsd.org
Subject: Re: the TCP MSS resource exhaustion commit
Message-ID: <20040109215449.J19580@news1.macomnet.ru>

On Fri, 9 Jan 2004, 11:39-0500, Robert Watson wrote:

[...]
> I guess my basic worry in this conversation is that fundamentally, the
> rate detection and "stop" approach is based on a common case heuristic:
> "Most well behaved applications don't...". Unfortunately, I have the
> feeling we're going to run into a lot of exceptions, and while we can
> improve the heuristic, I can't help but wonder if we shouldn't disable the
> heuristic by default, and provide better reporting so that sites can tell

Seconded. It will be a major PITA if we ship 5.2-R with "broken" TCP/IP.

> if the heuristic *would* enable protection, and then they can optionally
> turn it on at their choice... I.e., a console message or sysctl that can
> be monitored. It's not hard for me to imagine a lot of RPC content being
> sent over TCP connections with small packet sizes: multiplexing is a
> commonly used approach, especially now that every protocol runs over HTTP
> :-).
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Senior Research Scientist, McAfee Research

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org