Date: Fri, 09 Jan 2004 20:35:24 +0100
From: Andre Oppermann <andre@freebsd.org>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: current@freebsd.org
Subject: Re: the TCP MSS resource exhaustion commit
Message-ID: <3FFF027C.A6900160@freebsd.org>
References: <Pine.NEB.3.96L.1040109113607.63053B-100000@fledge.watson.org> <20040109215449.J19580@news1.macomnet.ru>

Maxim Konovalov wrote:
>
> On Fri, 9 Jan 2004, 11:39-0500, Robert Watson wrote:
> [...]
> > I guess my basic worry in this conversation is that fundamentally, the
> > rate detection and "stop" approach is based on a common case heuristic:
> > "Most well behaved applications don't...". Unfortunately, I have the
> > feeling we're going to run into a lot of exceptions, and while we can
> > improve the heuristic, I can't help but wonder if we shouldn't disable the
> > heuristic by default, and provide better reporting so that sites can tell
>
> Seconded. It will be a major PITA if we ship 5.2-R with "broken"
> TCP/IP.

I committed it with default to off for 5.2-R (the disconnect part).

--
Andre

> > if the heuristic *would* enable protection, and then they can optionally
> > turn it on at their choice... I.e., a console message or sysctl that can
> > be monitored. It's not hard for me to imagine a lot of RPC content being
> > sent over TCP connections with small packet sizes: multiplexing is a
> > commonly used approach, especially now that every protocol runs over HTTP
> > :-).
> >
> > Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> > robert@fledge.watson.org      Senior Research Scientist, McAfee Research
>
> --
> Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org