From owner-freebsd-security Mon Dec 17 1: 8: 6 2001 Delivered-To: freebsd-security@freebsd.org Received: from raven.robbins.dropbear.id.au (069.a.006.mel.iprimus.net.au [210.50.44.69]) by hub.freebsd.org (Postfix) with ESMTP id A975237B41A for ; Mon, 17 Dec 2001 01:07:57 -0800 (PST) Received: (from tim@localhost) by raven.robbins.dropbear.id.au (8.11.6/8.11.6) id fBH8s7r34489 for freebsd-security@FreeBSD.ORG; Mon, 17 Dec 2001 19:54:07 +1100 (EST) (envelope-from tim) Date: Mon, 17 Dec 2001 19:54:06 +1100 From: "Tim J. Robbins" To: freebsd-security@FreeBSD.ORG Subject: Re: options TCP_DROP_SYNFIN Message-ID: <20011217195406.A34425@raven.robbins.dropbear.id.au> References: <20011217073102.GA94480@noname> <20011217185456.A34365@raven.robbins.dropbear.id.au> <20011217083432.GA96883@noname> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011217083432.GA96883@noname>; from paulius@kaktusas.org on Mon, Dec 17, 2001 at 10:34:32AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Dec 17, 2001 at 10:34:32AM +0200, Paulius Bulotas wrote: > Ok, so I should disable keep alive in Apache and enable SYN+FIN (disable > option ;), then I'll get faster connects.?. but how many clients (OSes) use > this rfc? None? or they should be enabled somehow? There's no point changing these settings from the defaults on a web server. Leaving HTTP keepalives enabled and T/TCP un-broken should be more efficient than any other combination. I don't know of any clients other than FreeBSD that have T/TCP support; to enable it, sysctl -w net.inet.tcp.rfc1644=1 . Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message