Date: Fri, 14 Apr 2000 08:34:56 -0700 (PDT) From: Ruslan Ermilov <ru@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/lib/libalias alias_db.c Message-ID: <200004141534.IAA37946@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
ru 2000/04/14 08:34:56 PDT
Modified files:
lib/libalias alias_db.c
Log:
Apply TCP_EXPIRE_CONNECTED (86400 seconds) timeout only to established
connections, after SYN packets were seen from both ends. Before this,
it would get applied right after the first SYN packet was seen (either
from client or server). With broken TCP connection attempts, when the
remote end does not respond with SYNACK nor with RST, this resulted in
having a useless (ie, no actual TCP connection associated with it) TCP
link with 86400 seconds TTL, wasting system memory. With high rate of
such broken connection attempts (for example, remote end simply blocks
these connection attempts with ipfw(8) without sending RST back), this
could result in a denial-of-service.
PR: bin/17963
Revision Changes Path
1.26 +11 -17 src/lib/libalias/alias_db.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004141534.IAA37946>