--Apple-Mail-2--1053501781
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed


On Apr 20, 2004, at 9:52 AM, Jun-ichiro itojun Hagino wrote:

> Module Name:	src
> Committed By:	itojun
> Date:		Tue Apr 20 16:52:12 UTC 2004
>
> Modified Files:
> 	src/sys/netinet: tcp_input.c tcp_subr.c tcp_var.h
>
> Log Message:
> - respond to RST by ACK, as suggested in NISCC recommendation
> - rate-limit ACKs against RSTs and SYNs

Isn't rate-limiting against SYNs effectively going to rate-limit how 
quickly you can passively establish a TCP connection?  This doesn't 
strike me as being very good for e.g. web servers.

...or, am I just missing something?

         -- Jason R. Thorpe <thorpej@wasabisystems.com>


--Apple-Mail-2--1053501781
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFAhVcNOpVKkaBm8XkRAklBAKDA4OtpmL6dk2sFoTzzcNX2mvgVCQCgxweX
XgJqd1r4QxrV+eP4nKM1zQk=
=x7cH
-----END PGP SIGNATURE-----

--Apple-Mail-2--1053501781--