Message-ID: <3aaaa3a0612210148n78b326a5wde5efa2e8dc4edb9@mail.gmail.com>
Date: Thu, 21 Dec 2006 09:48:38 +0000
From: Chris
To: "Jeremie Le Hen"
Cc: freebsd-net@freebsd.org, Andre Oppermann, Anton Yuzhaninov
In-Reply-To: <20061220084515.GK48407@obiwan.tataz.chchile.org>
Subject: Re: Automatic TCP send and receive socket buffer sizing
List-Id: Networking and TCP/IP with FreeBSD

On 20/12/06, Jeremie Le Hen wrote:
> Hi Andre,
>
> Thank you for your work, it looks very exciting!
>
> On Thu, Dec 14, 2006 at 01:26:03PM +0100, Andre Oppermann wrote:
> > The
> > automatic send buffer is not perfect either and has some cases where
> > it may allocate too many resources of the host to a particular connection.
> > OTOH it does much better than the small fixed sized buffer we had before.
>
> This makes me think it makes the way to a DoS easier. A malicious user
> with a big pipe may open several TCP connections and then manage
> each send buffer to reach the maximum size (which is eight times bigger
> than the classical one by default). This would mean it is eight times
> easier to exhaust kernel memory. In this case, how could one prevent
> his box from being a potential victim of this?
>
> Thank you.
> Best regards
> --
> Jeremie Le Hen
> < jeremie at le-hen dot org >< ttz at chchile dot org >

I think the opposite: without this patch my send window is set to 256k for
'all' connections to allow decent speeds.

With the patch most connections will be just 8k in size and some will be 256k.

So worst case scenario with the patch during a DoS they will all use 256k
windows, but without the patch they would all use 256k regardless.

P.S. Still waiting for the releng 6 patch :)

Chris