cvs commit: src/sys/netinet ip_icmp.c tcp.h tcp_input.c tcp_subr.c tcp_usrreq.c tcp_var.h
Nate Lawson
nate at root.org
Thu Jan 8 11:16:11 PST 2004
On Thu, 8 Jan 2004, Andre Oppermann wrote:
> Andre Oppermann wrote:
> >
> > andre 2004/01/08 09:40:07 PST
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sys/netinet ip_icmp.c tcp.h tcp_input.c tcp_subr.c
> > tcp_usrreq.c tcp_var.h
> > Log:
> > Limiters and sanity checks for TCP MSS (maximum segment size)
> > resource exhaustion attacks.
>
> The fix for 4-STABLE is here:
>
> http://www.nrg4u.com/freebsd/tcpminmss-4stable-20040107.diff
>
> As usual if there are any problems contact me immediately. Especially
> when you see any disconnects during normal activity. It might be that
> I've missed a scenario or case where an application is legitimately
> sending more than 1,000 small tcp segments per second. However I've
> looked and tried hard to find one.

Is this disabled for lo0? There are plenty of apps that read/write small
segments as part of a control protocol. Of course, they can't change the
MTU and the default is 16k. I think the SLIP MTU was 256 so perhaps a
high-speed SLIP application might be hampered. But I see a comment in
your code about that case.

So in actuality, we're probably ok. The magic numbers just make me
uncomfortable though.

-Nate