cvs commit: src/sys/netinet ip_icmp.c tcp.h tcp_input.c tcp_subr.c tcp_usrreq.c tcp_var.h

Nate Lawson nate at root.org
Thu Jan 8 11:16:11 PST 2004


On Thu, 8 Jan 2004, Andre Oppermann wrote:
> Andre Oppermann wrote:
> >
> > andre       2004/01/08 09:40:07 PST
> >
> >   FreeBSD src repository
> >
> >   Modified files:
> >     sys/netinet          ip_icmp.c tcp.h tcp_input.c tcp_subr.c
> >                          tcp_usrreq.c tcp_var.h
> >   Log:
> >   Limiters and sanity checks for TCP MSS (maximum segment size)
> >   resource exhaustion attacks.
>
> The fix for 4-STABLE is here:
>
>  http://www.nrg4u.com/freebsd/tcpminmss-4stable-20040107.diff
>
> As usual if there are any problems contact me immediately.  Especially
> when you see any disconnects during normal activity.  It might be that
> I've missed a scenario or case where an application is legitimately
> sending more than 1,000 small tcp segments per second.  However I've
> looked and tried hard to find one.

Is this disabled for lo0?  There are plenty of apps that read/write small
segments as part of a control protocol.  Of course, they can't change the
MTU and the default is 16k.  I think the SLIP MTU was 256 so perhaps a
high-speed SLIP application might be hampered.  But I see a comment in
your code about that case.

So in actuality, we're probably ok.  The magic numbers just make me
uncomfortable though.

-Nate

