On Fri, Jan 09, 2004 at 03:23:53PM +0100, Andre Oppermann wrote: > Thorsten Greiner wrote: > > > > * Andre Oppermann <andre_at_freebsd.org> [2004-01-09 11:34]: > > > You can simply increase net.inet.tcp.minmssoverload to any > > > higher value. I suggest 2,000 as next step. If set it to > > > 0 the check will be disabled entirely. > > > > Setting net.inet.tcp.minmssoverload to 4000 fixed my problem(s). > > Ok, that's an important information. > > > > This makes we wonder why the Oracle database server is sending > > > so many small packets. Is your JBoss application doing connection > > > pooling (eg. multiplexing multiple SQL sessions over one tcp > > > session)? > > > > It performs connection pooling on the application layer, i.e. it > > opens several connections and pools them to avoid reopening them. As > > far as I understand each Oracle connection is associated with a TCP > > connection - there is no pooling on the TCP level. > > Ok. Might it be that Oracle is setting the TCP_NODELAY option on > its sending socket? I guess it is difficult to find that out... > > > While I have read your commit message thoroughly I am not sure I > > have understood the consequences of the new mechanism. Will the > > exchange of many small packets trigger a connection drop? > > Yes. Once you receive more than 1,000 tcp packets per second whose > average size is below the net.inet.tcp.minmss value, then it will > assume a malicious DoS attack. It appears that the default value > of 1,000 is too low. What about ACKs from a simple TCP device such as a microcontroller? Or slip connects with MTU of 300? Many smaller controllers don't have enough RAM to do delayed acks or run at MTU 1500. Even a hand full public webservers are running on such systems! I'm a bit worried about having such a feature enabled by default to break TCP communication with specialised hardware. -- B.Walter BWCT http://www.bwct.de ticso_at_bwct.de info_at_bwct.deReceived on Fri Jan 09 2004 - 06:06:44 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:37 UTC