Date: Thu, 9 Sep 1999 13:37:43 +0400 (MSD) From: Stas Kisel <stas@sonet.crimea.ua> To: avalon@coombs.anu.edu.au Cc: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: mbuf shortage situations Message-ID: <199909090937.NAA18028@sonet.crimea.ua> In-Reply-To: <199909091015.UAA02113@cheops.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Darren Reed <avalon@coombs.anu.edu.au> > > In some mail from Stas Kisel, sie said: > [...] > > IMHO it is a good idea to develop tcp_drain() from /sys/netinet/tcp_subr.c > > It should be quite intellectual to select a target - a process or a uid, > > which does not read properly from it's sockets, and has many data in mbufs. > > The problem with this is the BSD TCP/IP implementation ACK's (or at least > attempts to ACK) data as soon as it is received and it is a big no-no to > discard queued data that has already been ACK'd. It is big no-no first to diskard a packet and then to continue connection. But we can easily send RST and drop connection (clean buffer first, because we don't have memory ever for RST packet, or send it only with the next packet, arrived on dropped connection, better). And this is probably what will happen if limit is reached, too. And in case of an evil thief had stolen Ethernet cable while connection in progress, too :) (Just why I think RFC should permit dropping connection). -- Stas Kisel. UNIX, security, C, TCP/IP, Web. UNIX - the best adventure game http://www.tekmetrics.com/transcript.shtml?pid=20053 http://www.crimea.edu +380(652)510222,230238 ; stas@crimea.edu stas@sonet.crimea.ua ; 2:460/54.4 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909090937.NAA18028>