Subject: Re: thoughts on limiting connections to a socket
To: NetBSD Networking Technical Discussion List <tech-net@NetBSD.ORG>
From: David Laight <>
List: tech-net
Date: 06/05/2002 23:29:10
On Wed, Jun 05, 2002 at 10:57:16AM -0400, Greg A. Woods wrote:
> [ On Wednesday, June 5, 2002 at 01:49:35 (-0400), der Mouse wrote: ]
> > Subject: Re: thoughts on limiting connections to a socket
> >
> > > maybe TCP needs an equivalent of SMTP's "421 please come back later"
> > > response so it can say I'm here, and I'm listening, but I'm too damn
> > > busy right now....
> > 
> > Hm, this sounds pretty close to accepting the connection and
> > advertising a zero window.  With a little effort, I would expect the
> > overhead to get down to the order of half-open connections (ie, the
> > table maintained by the SYN-flood defenses).

That would be a useful feature for devices (like printers) that
need to share a single physical device between multiple users.

> No, I mean that's the end of the connection attempt -- the client gets
> an ETOOBLOODYBUSY instead of ECONNREFUSED....  :-)  (EAGAIN I mean :-)

But how long would you wait before retrying?
Ignoring the SYN packet, or accepting the connection
with no window, stops your (overloaded) system from
being flooded with even more requests.


