From owner-cvs-all Fri Apr 14 8:34:59 2000
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id ABBF537B5D5; Fri, 14 Apr 2000 08:34:56 -0700 (PDT) (envelope-from ru@FreeBSD.org)
Received: (from ru@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id IAA37946; Fri, 14 Apr 2000 08:34:56 -0700 (PDT) (envelope-from ru@FreeBSD.org)
Message-Id: <200004141534.IAA37946@freefall.freebsd.org>
From: Ruslan Ermilov
Date: Fri, 14 Apr 2000 08:34:56 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/lib/libalias alias_db.c
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

ru          2000/04/14 08:34:56 PDT

  Modified files:
    lib/libalias         alias_db.c
  Log:
  Apply TCP_EXPIRE_CONNECTED (86400 seconds) timeout only to
  established connections, after SYN packets were seen from
  both ends.  Before this, it would get applied right after
  the first SYN packet was seen (either from client or server).

  With broken TCP connection attempts, when the remote end does
  not respond with SYNACK nor with RST, this resulted in having
  a useless (ie, no actual TCP connection associated with it)
  TCP link with 86400 seconds TTL, wasting system memory.  With
  high rate of such broken connection attempts (for example,
  remote end simply blocks these connection attempts with ipfw(8)
  without sending RST back), this could result in a denial-of-service.

  PR:		bin/17963

  Revision  Changes    Path
  1.26      +11 -17    src/lib/libalias/alias_db.c
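The timeout rule described in the log above, as an added example that is not part of the original message and is not libalias code: it compares the peak number of link-table entries held under the old and new rule when every outbound SYN goes unanswered. Only TCP_EXPIRE_CONNECTED and its value come from the message; the struct, the function names and the 10-second half-open timeout are assumptions made for illustration.

```c
#include <stdio.h>

#define TCP_EXPIRE_CONNECTED 86400 /* seconds, value from the commit log */
#define EXPIRE_HALF_OPEN     10    /* assumed short TTL, not from the page */

enum dir { DIR_IN, DIR_OUT };      /* which end sent the SYN */

struct tcp_link {                  /* hypothetical, not libalias's struct */
    int syn_in, syn_out;           /* SYN seen from remote / local end */
    int expire_time;               /* idle TTL in seconds */
};
typedef void (*note_fn)(struct tcp_link *, enum dir);

/* Old rule as the log describes it: the first SYN from either end
 * already grants the long timeout. */
void note_syn_before(struct tcp_link *l, enum dir d)
{
    if (d == DIR_IN) l->syn_in = 1; else l->syn_out = 1;
    if (l->syn_in || l->syn_out)
        l->expire_time = TCP_EXPIRE_CONNECTED;
}

/* New rule: the long timeout requires a SYN from both ends. */
void note_syn_after(struct tcp_link *l, enum dir d)
{
    if (d == DIR_IN) l->syn_in = 1; else l->syn_out = 1;
    if (l->syn_in && l->syn_out)
        l->expire_time = TCP_EXPIRE_CONNECTED;
}

/* Peak live links when `rate` outbound SYNs per second go unanswered
 * (no SYN/ACK, no RST) for `seconds` seconds, one link per attempt. */
long peak_links(note_fn note, int rate, int seconds)
{
    struct tcp_link probe = { 0, 0, EXPIRE_HALF_OPEN };
    long live = 0, peak = 0;
    note(&probe, DIR_OUT);         /* TTL each dead attempt ends up with */
    for (int t = 0; t < seconds; t++) {
        live += rate;              /* links created this second */
        if (t >= probe.expire_time)
            live -= rate;          /* links created one TTL ago expire */
        if (live > peak) peak = live;
    }
    return peak;
}

int main(void)
{
    printf("old rule: %ld links\n", peak_links(note_syn_before, 100, 3600));
    printf("new rule: %ld links\n", peak_links(note_syn_after, 100, 3600));
    return 0;
}
```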