Date: Wed, 20 Dec 2006 09:45:15 +0100 From: Jeremie Le Hen <jeremie@le-hen.org> To: Andre Oppermann <andre@freebsd.org> Cc: freebsd-net@freebsd.org, Anton Yuzhaninov <citrin@citrin.ru> Subject: Re: Automatic TCP send and receive socket buffer sizing Message-ID: <20061220084515.GK48407@obiwan.tataz.chchile.org> In-Reply-To: <458142DB.8000002@freebsd.org> References: <457F2D82.6000905@freebsd.org> <1299780826.20061214141629@citrin.ru> <458142DB.8000002@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Andre, Thank you for your work, it looks very exciting ! On Thu, Dec 14, 2006 at 01:26:03PM +0100, Andre Oppermann wrote: > The > automatic send buffer is not perfect either and has some cases where > it may allocate too much resources of the host to a particular connection. > OTOH it does much better than the small fixed sized buffer we had before. This makes me think it makes easier the way to a DoS. A malicious user with a big pipe may open several TCP connections and then manage each send buffer to reach the maximum size (which is eight time bigger the classical one by default). This would mean it is eight time easier to exhaust kernel memory. In this case, how one could prevent his box from being a potential victim of this ? Thank you. Best regards -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061220084515.GK48407>