On Thu, May 06, 2010 at 10:32:49AM -0500, Nicolas Williams wrote: > On Thu, May 06, 2010 at 04:06:31PM +0800, Kacheong Poon wrote: > > >Suppose the process is able to exit but the socket lingers. In that > > >case will the lingering socket defeat resource controls? > > > > I guess your concern is that somehow the peer goes away at the > > *right* time and TCP stays in the FIN-WAIT-2 state for the > > extended period of time. I further assume that you are using > > this as an example of a new attack. And the goal is to create > > as many lingering tcp_ts in the system as possible. For this > > attack to be successful, there must be a peer co-operating. And > > The peer need only accept connections though, right?
Ah, no, excuse the brain fart. The cooperating peer would have to accept connections _and_ set the TCP_LINGER2 timer very high. Therefore there's no problem whatsoever. Please excuse this long detour. There's nothing wrong with your case, Nico -- _______________________________________________ opensolaris-arc mailing list [email protected]
