Date: Wed, 18 Jul 2001 09:36:10 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Mike Silbersack <silby@silby.com> Cc: Peter Wemm <peter@wemm.org>, freebsd-arch@FreeBSD.ORG Subject: Re: TCP Initial Sequence Numbers: We need to talk Message-ID: <3B55BAFA.B507F39C@mindspring.com> References: <20010717224921.W3744-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Silbersack wrote: > > How about attempting to kill two birds with one stone and really solve the > > SYN flood problem at the same time as dealing with the ISS stuff. > > A SYN Cache would be good (and I was planning to work on such issues when > I get more time), but it's really unrelated to the issue at present. > > Netbsd's RFC1948 support isn't actually in use yet; it looks Jason Thorpe > added it, then didn't trust it enough to enable it yet. :) Ashutosh S. Rajekar, near the end of June on -hackers, suggested that a SYN-cache that held onto the cached object even after the SYN-SYNACK-ACK, until the first data down the pipe, might be a good idea. This is much more agressive... I'm not sure it's called for, but, for high contention, high latency links, I think I like the idea much more than the simple cache that will actually allocated the inpcb, tcpcb, and socket, after getting the final ACK of the handshake. If you are actually thinking of doing this, you might want to look at using the BSDI version of the SYN cache code, instead. Neither one implements Ashutosh's "aggressive Syn cache" idea, though... -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B55BAFA.B507F39C>