Message-ID: <3FFF027C.A6900160@freebsd.org>
Date: Fri, 09 Jan 2004 20:35:24 +0100
From: Andre Oppermann
To: Maxim Konovalov
cc: Robert Watson
cc: current@freebsd.org
Subject: Re: the TCP MSS resource exhaustion commit
References: <20040109215449.J19580@news1.macomnet.ru>

Maxim Konovalov wrote:
>
> On Fri, 9 Jan 2004, 11:39-0500, Robert Watson wrote:
> [...]
> > I guess my basic worry in this conversation is that fundamentally, the
> > rate detection and "stop" approach is based on a common case heuristic:
> > "Most well behaved applications don't...". Unfortunately, I have the
> > feeling we're going to run into a lot of exceptions, and while we can
> > improve the heuristic, I can't help but wonder if we shouldn't disable the
> > heuristic by default, and provide better reporting so that sites can tell
>
> Seconded. It will be a major PITA if we ship 5.2-R with "broken"
> TCP/IP.

I committed it with default to off for 5.2-R (the disconnect part).

--
Andre

> > if the heuristic *would* enable protection, and then they can optionally
> > turn it on at their choice... I.e., a console message or sysctl that can
> > be monitored. It's not hard for me to imagine a lot of RPC content being
> > sent over TCP connections with small packet sizes: multiplexing is a
> > commonly used approach, especially now that every protocol runs over HTTP
> > :-).
> >
> > Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> > robert@fledge.watson.org      Senior Research Scientist, McAfee Research
>
> --
> Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org