Hi folks...

This is just a heads-up to let everyone know that I've pulled the
SYN_cache_branch development branch into the mainline of the source
tree.  Here is the entry from doc/CHANGES:

        netinet: Implement a compressed state engine for TCP, based
                on code written by David Borman for BSD/OS.  This
                compressed state engine is currently used to hold
                state for embryonic TCP connections.  Rather than
                creating a socket/TCB for the incoming SYN, it is 
                placed into the compressed state engine.  A TCB is
                only created once the 3-way handshake has been completed.
                Among other things, this provides complete protection from 
                "SYN flood attacks" without the need to drop half-open
                connections.  MANY MANY thanks to BSDI for releasing
                the original code, and to Ted Lemon <mellon@netbsd.org>
                for doing the initial integration work!  [thorpej 970723]

This has been tested on SPARC, i386, and Alpha ports, and on a couple of
fairly busy servers (including ftp.netbsd.org).  I don't anticipate any
problems, but if you experience any, it is _vitally_ important that you
submit a bug report using send-pr(1) with as much info as you can provide.

Ciao.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939