On 05/ 6/10 11:32 PM, Nicolas Williams wrote:
On Thu, May 06, 2010 at 04:06:31PM +0800, Kacheong Poon wrote:
Suppose the process is able to exit but the socket lingers.  In that
case will the lingering socket defeat resource controls?

I guess your concern is that somehow the peer goes away at the
*right* time and TCP stays in the FIN-WAIT-2 state for the
extended period of time.  I further assume that you are using
this as an example of a new attack.  And the goal is to create
as many lingering tcp_ts in the system as possible.  For this
attack to be successful, there must be a peer co-operating.  And

The peer need only accept connections though, right?


The peer probably needs to be a special program which
knows when to stop at the close sequence to force
the Solaris side to be stuck in FIN-WAIT-2 state.  A
normal TCP app cannot do that.


It's not the ABORT threshold that I'm worried about, but the TCP_LINGER2
timer.  I recommend that the maximum for that be not more than some
smallish value such as 60s.


How about the following?  The option value must be smaller
than the TCP private parameter tcp_fin_wait_2_flush_interval.
And this parameter can be changed by the admin to any value
less than 2 hours (right now the max is 2^32ms).


--

                                        K. Poon.
                                        [email protected]
_______________________________________________
opensolaris-arc mailing list
[email protected]
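The FIN-WAIT-2 scenario the thread describes, reproduced as an added example that is not code from the thread or from the Solaris project. It runs on Linux, which already has the TCP_LINGER2 socket option under discussion and caps it with the sysctl net.ipv4.tcp_fin_timeout (the Linux counterpart of the Solaris tcp_fin_wait_2_flush_interval parameter Kacheong mentions). A forked peer accepts the connection and deliberately never calls close(), the other side sets TCP_LINGER2 to one second and closes, and the connection state is read out of /proc/net/tcp: FIN-WAIT-2 right after close(), then no entry at all once the short timer has expired. The function names are mine, and the code assumes Linux, a working 127.0.0.1 and a readable /proc/net/tcp.

```c
/* Added example: FIN-WAIT-2 lingering against a peer that never closes, on Linux. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define STATE_FIN_WAIT2 5   /* value of the "st" column in /proc/net/tcp for FIN-WAIT-2 */

static void msleep(long ms)
{
    struct timespec ts = { ms / 1000, (ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}

/* State of the 127.0.0.1:lport -> 127.0.0.1:rport connection as /proc/net/tcp reports it.
 * Returns -1 when there is no entry (the socket is fully gone), -2 if /proc is unreadable. */
int tcp_state_of(uint16_t lport, uint16_t rport)
{
    FILE *f = fopen("/proc/net/tcp", "r");
    if (!f) return -2;
    char line[512];
    int state = -1;
    while (fgets(line, sizeof line, f)) {
        unsigned laddr, lp, raddr, rp, st;
        if (sscanf(line, " %*d: %8x:%4x %8x:%4x %2x", &laddr, &lp, &raddr, &rp, &st) != 5)
            continue;                                   /* header line */
        if (lp == lport && rp == rport) { state = (int)st; break; }
    }
    fclose(f);
    return state;
}

/* Set TCP_LINGER2 on a fresh socket and read back what the kernel kept. Linux folds any
 * value above net.ipv4.tcp_fin_timeout back to that default, i.e. the cap asked for above. */
int effective_linger2(int requested)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    int got = -1;
    socklen_t len = sizeof got;
    if (setsockopt(s, IPPROTO_TCP, TCP_LINGER2, &requested, sizeof requested) < 0 ||
        getsockopt(s, IPPROTO_TCP, TCP_LINGER2, &got, &len) < 0)
        got = -1;
    close(s);
    return got;
}

/* Runs the scenario and reports the state seen just after close() and again after the
 * linger timer should have fired. Returns 0 on success, -1 on a setup failure. */
int fin_wait_2_demo(int linger_secs, int *after_close, int *after_expiry)
{
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);      /* port 0: kernel picks one */
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return -1;
    socklen_t alen = sizeof addr;
    if (bind(ls, (struct sockaddr *)&addr, alen) < 0 || listen(ls, 1) < 0 ||
        getsockname(ls, (struct sockaddr *)&addr, &alen) < 0) { close(ls); return -1; }

    pid_t peer = fork();                                /* the co-operating peer */
    if (peer < 0) { close(ls); return -1; }
    if (peer == 0) {
        int c = accept(ls, NULL, NULL);
        (void)c;
        sleep(60);                  /* stops at the close sequence: never calls close() */
        _exit(0);
    }
    close(ls);                                          /* the child keeps the listener */

    int cs = socket(AF_INET, SOCK_STREAM, 0);
    if (cs < 0) goto fail;
    if (setsockopt(cs, IPPROTO_TCP, TCP_LINGER2, &linger_secs, sizeof linger_secs) < 0 ||
        connect(cs, (struct sockaddr *)&addr, sizeof addr) < 0) goto fail;
    struct sockaddr_in local;
    socklen_t llen = sizeof local;
    if (getsockname(cs, (struct sockaddr *)&local, &llen) < 0) goto fail;
    uint16_t lport = ntohs(local.sin_port), rport = ntohs(addr.sin_port);

    close(cs);              /* our FIN goes out; the peer kernel ACKs it, the peer app does nothing */
    msleep(500);
    *after_close = tcp_state_of(lport, rport);          /* FIN-WAIT-2 */
    msleep(linger_secs * 1000L + 2000);
    *after_expiry = tcp_state_of(lport, rport);         /* entry gone */
    kill(peer, SIGKILL);
    waitpid(peer, NULL, 0);
    return 0;
fail:
    if (cs >= 0) close(cs);
    kill(peer, SIGKILL);
    waitpid(peer, NULL, 0);
    return -1;
}

/* 1 if the linger timer, not the peer, released the socket. */
int linger_timer_releases_socket(int linger_secs)
{
    int a = 0, b = 0;
    return fin_wait_2_demo(linger_secs, &a, &b) == 0 && a == STATE_FIN_WAIT2 && b == -1;
}

int main(void)
{
    printf("TCP_LINGER2=1 kept as %d; TCP_LINGER2=2^30 reduced to %d\n",
           effective_linger2(1), effective_linger2(1 << 30));
    printf("released by linger timer: %s\n", linger_timer_releases_socket(1) ? "yes" : "no");
    return 0;
}
```

Without the option the same socket would sit in FIN-WAIT-2 for the full tcp_fin_timeout (60 s by default on Linux), and a peer that opens many connections and never closes them keeps that many lingering sockets alive per interval; the system-wide ceiling the administrator sets is what bounds that, which is why the thread wants the per-socket value capped below it rather than freely chosen by the application.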
