From owner-freebsd-security Fri Jan 21 15:25:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5F524153D6 for ; Fri, 21 Jan 2000 15:25:37 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA86449; Fri, 21 Jan 2000 16:25:36 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA15279; Fri, 21 Jan 2000 16:25:42 -0700 (MST) Message-Id: <200001212325.QAA15279@harmony.village.org> To: Matthew Dillon Subject: Re: stream.c worst-case kernel paths Cc: Darren Reed , brett@lariat.org (Brett Glass), security@FreeBSD.ORG In-reply-to: Your message of "Fri, 21 Jan 2000 15:21:25 PST." <200001212321.PAA64674@apollo.backplane.com> References: <200001212321.PAA64674@apollo.backplane.com> <200001210417.PAA24853@cairo.anu.edu.au> <200001210642.XAA09108@harmony.village.org> Date: Fri, 21 Jan 2000 16:25:42 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200001212321.PAA64674@apollo.backplane.com> Matthew Dillon writes: : Either way this is not a big deal. Lobotomizing TCP is not necessary. I'm starting to agree with this. There have been lots of reports of ICMP_LIMIT working well. If we make changes in this area, then I'm leaning toward Matt's path. I would be *EXTREMELY* reluctant to do anything to change the tcp state machine that isn't triggered by the same mechanism used by ICMP_LIMIT. I certainly wouldn't want to break our stack by default. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message