>Number:         9978
>Category:       kern
>Synopsis:       TCP RST rate control changes node behavior slightly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 25 01:33:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        netbsd-current
>Organization:
	itojun.org
>Environment:
NetBSD starfruit.itojun.org 1.4X NetBSD 1.4X (STARFRUIT) #198: Mon Apr 24 15:42:04 JST 2000     itojun@ginger.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT i386

>Description:
	NetBSD-current implements rate control for TCP RST (which is a great
	thing).  However, it sometimes annoy normal usage.
	For example, if we try tcp connection attempt via IPv6 and IPv4
	onto the same host, rate limit will apply.
>How-To-Repeat:
	Configure following entries into /etc/hosts and try "telnet
	localhost 9999" (there should be no server on tcp port 9999).

	you will see a SYN to ::1, RST, SYN to 127.0.0.1, (RST suppressed
	by rate limit here), then SYN again to 127.0.0.1, and RST.  Due to
	RST suppression, telnet attempt will take longer time to terminate
	than before.

::1		localhost
127.0.0.1	localhost

>Fix:
	not sure if this is a problem or not.
	1. we may need to document it in bold font?
	2. more clever rate limit logic?  clever means more possiblity for
	   security weakness...
>Release-Note:
>Audit-Trail:
>Unformatted: