Re: TCP connections clogging up accf_http(9)

To: tech-net%netbsd.org@localhost
Subject: Re: TCP connections clogging up accf_http(9)
From: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Date: Wed, 25 May 2016 15:31:21 +0200

> In the case of a server that is broken, and not accepting connections, that's
> also clearly what is needed.
But without an Accept Filter, those connection requests would also just fill the queue?

> it should also allow it to decide between reject and accept old pending 
> connections - in case it wants to log them, or take more drastic counter 
> measures in the event it appears as if it might be an actual attack attempt
Yes.

I thing tls@'s approach would make all this possible at no cost, wouldn't it?

References:
- Re: TCP connections clogging up accf_http(9) (was: ESTABLISHED sockets with no fd open? (was: generating ECONNRESET with no syscall?))
  - From: Thor Lancelot Simon
- generating ECONNRESET with no syscall?
  - From: Edgar Fuß
- ESTABLISHED sockets with no fd open? (was: generating ECONNRESET with no syscall?)
  - From: Edgar Fuß
- TCP connections clogging up accf_http(9) (was: ESTABLISHED sockets with no fd open? (was: generating ECONNRESET with no syscall?))
  - From: Timo Buhrmester
- Re: TCP connections clogging up accf_http(9) (was: ESTABLISHED sockets with no fd open? (was: generating ECONNRESET with no syscall?))
  - From: Robert Elz

Prev by Date: Re: TCP connections clogging up accf_http(9)
Next by Date: Re: TCP connections clogging up accf_http(9)
Previous by Thread: Re: TCP connections clogging up accf_http(9) (was: ESTABLISHED sockets with no fd open? (was: generating ECONNRESET with no syscall?))
Next by Thread: Re: TCP connections clogging up accf_http(9)
Indexes:

Home | Main Index | Thread Index | Old Index