Hello, While analyzing a aborted upload packet capture I came across a odd trace where a sender was not responding to a duplicate SACK but sending further segments until it stalled.
Took me some time until I remembered this fix, and actually the problems started since the security fix was applied. I see a high counter for TCPWqueueTooBig - and I don’t think that’s an actual attack. Is there a probability for triggering the limit with connections with big windows and large send buffers and dropped segments? If so what would be the plan? It does not look like it is configurable. The trace seem to have 100 (filled) inflight segments. Gruss Bernd -- http://bernd.eckenfels.net
