the TCP MSS resource exhaustion commit
Maxim Konovalov
maxim at macomnet.ru
Fri Jan 9 10:58:06 PST 2004
On Fri, 9 Jan 2004, 11:39-0500, Robert Watson wrote:
[...]
> I guess my basic worry in this conversation is that fundamentally, the
> rate detection and "stop" approach is based on a common case heuristic:
> "Most well behaved applications don't...". Unfortunately, I have the
> feeling we're going to run into a lot of exceptions, and while we can
> improve the heuristic, I can't help but wonder if we shouldn't disable the
> heuristic by default, and provide better reporting so that sites can tell
Seconded. It will be a major PITA if we ship 5.2-R with "broken"
TCP/IP.
> if the heuristic *would* enable protection, and then they can optionally
> turn it on at their choice... I.e., a console message or sysctl that can
> be monitored. It's not hard for me to imagine a lot of RPC content being
> sent over TCP connections with small packet sizes: multiplexing is a
> commonly used approach, especially now that every protocol runs over HTTP
> :-).
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org Senior Research Scientist, McAfee Research
--
Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org