From: Jeremie Le Hen
To: Andre Oppermann
Cc: freebsd-net@freebsd.org, Anton Yuzhaninov
Date: Wed, 20 Dec 2006 09:45:15 +0100
Subject: Re: Automatic TCP send and receive socket buffer sizing

Hi Andre,

Thank you for your work, it looks very exciting!

On Thu, Dec 14, 2006 at 01:26:03PM +0100, Andre Oppermann wrote:
> The automatic send buffer is not perfect either and has some cases where
> it may allocate too many resources of the host to a particular connection.
> OTOH it does much better than the small fixed sized buffer we had before.

This makes me think it makes the way to a DoS easier. A malicious user
with a big pipe may open several TCP connections and then manage each
send buffer to reach the maximum size (which is eight times bigger than
the classical one by default). This would mean it is eight times easier
to exhaust kernel memory.

In this case, how could one prevent his box from being a potential
victim of this?

Thank you.
Best regards
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >