On 10/25/2010 06:22:23 PM, Nerius Landys wrote:
> During the time when a large download is happening using wget, the
> pf state table will have "ESTABLISHED:ESTABLISHED". If wget was in the
> process of performing a large download and I hit Ctrl+C (or kill it),
> the state table will have "TIME_WAIT:TIME_WAIT". If wget successfully
> finishes downloading something, I will see "FIN_WAIT_2:FIN_WAIT_2" in
> the state table.
>
> What I _really_ would like to do is limit the number of established
> and maybe broken connections per IP address, and I probably _don't_
> want to count the "FIN_WAIT_2:FIN_WAIT_2" connections towards my max
> of 36.
>
> Do you guys have any thoughts about this? Based on my feeling that
> the OpenBSD community tends to always do things "the right way", I'm
> thinking that there is a reason why things are the way they are, but I
> would like to know those reasons if possible.

See RFC 793 section "3.3. Sequence Numbers" particularly the subsection titled "The TCP Quiet Time Concept".

Karl <[email protected]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
