Re: the TCP MSS resource exhaustion commit

From: Andre Oppermann <andre_at_freebsd.org>
Date: Fri, 09 Jan 2004 20:35:24 +0100

Maxim Konovalov wrote:
> 
> On Fri, 9 Jan 2004, 11:39-0500, Robert Watson wrote:
> [...]
> > I guess my basic worry in this conversation is that fundamentally, the
> > rate detection and "stop" approach is based on a common case heuristic:
> > "Most well behaved applications don't...".  Unfortunately, I have the
> > feeling we're going to run into a lot of exceptions, and while we can
> > improve the heuristic, I can't help but wonder if we shouldn't disable the
> > heuristic by default, and provide better reporting so that sites can tell
> 
> Seconded.  It will be a major PITA if we ship 5.2-R with "broken"
> TCP/IP.

I committed it with default to off for 5.2-R (the disconnect part).

-- 
Andre


> > if the heuristic *would* enable protection, and then they can optionally
> > turn it on at their choice...  I.e., a console message or sysctl that can
> > be monitored.  It's not hard for me to imagine a lot of RPC content being
> > sent over TCP connections with small packet sizes: multiplexing is a
> > commonly used approach, especially now that every protocol runs over HTTP
> > :-).
> >
> > Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> > robert_at_fledge.watson.org      Senior Research Scientist, McAfee Research
> 
> --
> Maxim Konovalov, maxim_at_macomnet.ru, maxim_at_FreeBSD.org
Received on Fri Jan 09 2004 - 10:35:35 UTC