From owner-freebsd-current@FreeBSD.ORG  Fri Jan  9 11:35:35 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8D1B216A4CE
	for <current@freebsd.org>; Fri,  9 Jan 2004 11:35:35 -0800 (PST)
Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch
	[62.48.0.70])	by mx1.FreeBSD.org (Postfix) with ESMTP id BD26143D31
	for <current@freebsd.org>; Fri,  9 Jan 2004 11:35:31 -0800 (PST)
	(envelope-from andre@freebsd.org)
Received: (qmail 41133 invoked from network); 9 Jan 2004 19:35:30 -0000
Received: from unknown (HELO freebsd.org) ([62.48.0.53])
          (envelope-sender <andre@freebsd.org>)
          by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP
          for <maxim@macomnet.ru>; 9 Jan 2004 19:35:30 -0000
Message-ID: <3FFF027C.A6900160@freebsd.org>
Date: Fri, 09 Jan 2004 20:35:24 +0100
From: Andre Oppermann <andre@freebsd.org>
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Maxim Konovalov <maxim@macomnet.ru>
References: <Pine.NEB.3.96L.1040109113607.63053B-100000@fledge.watson.org>
	<20040109215449.J19580@news1.macomnet.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: Robert Watson <rwatson@freebsd.org>
cc: current@freebsd.org
Subject: Re: the TCP MSS resource exhaustion commit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2004 19:35:35 -0000

Maxim Konovalov wrote:
> 
> On Fri, 9 Jan 2004, 11:39-0500, Robert Watson wrote:
> [...]
> > I guess my basic worry in this conversation is that fundamentally, the
> > rate detection and "stop" approach is based on a common case heuristic:
> > "Most well behaved applications don't...".  Unfortunately, I have the
> > feeling we're going to run into a lot of exceptions, and while we can
> > improve the heuristic, I can't help but wonder if we shouldn't disable the
> > heuristic by default, and provide better reporting so that sites can tell
> 
> Seconded.  It will be a major PITA if we ship 5.2-R with "broken"
> TCP/IP.

I committed it with default to off for 5.2-R (the disconnect part).

-- 
Andre


> > if the heuristic *would* enable protection, and then they can optionally
> > turn it on at their choice...  I.e., a console message or sysctl that can
> > be monitored.  It's not hard for me to imagine a lot of RPC content being
> > sent over TCP connections with small packet sizes: multiplexing is a
> > commonly used approach, especially now that every protocol runs over HTTP
> > :-).
> >
> > Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> > robert@fledge.watson.org      Senior Research Scientist, McAfee Research
> 
> --
> Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org