For a sender, defense is more difficult because you can't throw away
unacknowledged data.  An attacker can consume 2*mss kernel memory per ack it

With ABC in place, isn't that "up to" or "no more than"? And that is only if the connection is still in the slow-start phase rather than bandwidth probing.

Would having a lower initial cap on ssthresh than "whatever the remote advertises" - say at the present default wmax - be some middle ground? It might not be completely optimal for those high bandwidth delay product links but it would mean that once a connection got to current wmax it would be in the MSS per window realm rather than the other.

sends, and hold on to it indefinitely.

Is it really indefinite? I would think that it would be no longer than it takes the sender to hit his retransmission limits?

Doesn't the sending "attack" presume that there is a willing accomplice on the system - something that both has and is willing to send that large quantity of data to the remote?

rick jones
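
The growth rates discussed in this message, as an added example that is not part of the original message or of the kernel source: a small model of sender-side cwnd growth under slow start with ABC (RFC 3465, L=2) and congestion avoidance (RFC 5681), comparing an uncapped initial ssthresh with a capped one. The MSS, the 16 MiB advertised window and the 128 KiB cap are constructed values, and the model assumes the sender always has data queued.

```c
#include <stdint.h>
#include <stdio.h>

/* All values below are constructed for illustration, not taken from the thread. */
#define MSS        1460u
#define ABC_L      2u              /* RFC 3465: grow by at most L*MSS per ACK */
#define INIT_CWND  (2u * MSS)

/* Congestion window in bytes after n_acks ACKs, each acknowledging
 * acked_bytes of new data. The sender cannot free unacknowledged data,
 * so cwnd bounds the memory one connection can pin. */
uint64_t cwnd_after_acks(uint64_t ssthresh, uint32_t n_acks, uint32_t acked_bytes)
{
    uint64_t cwnd = INIT_CWND;

    for (uint32_t i = 0; i < n_acks; i++) {
        uint64_t inc;
        if (cwnd < ssthresh) {
            /* Slow start with ABC: "up to" 2*MSS per ACK, never more. */
            inc = acked_bytes < ABC_L * MSS ? acked_bytes : ABC_L * MSS;
        } else {
            /* Congestion avoidance (RFC 5681): about one MSS per window. */
            inc = (uint64_t)MSS * MSS / cwnd;
            if (inc == 0)
                inc = 1;
        }
        cwnd += inc;
    }
    return cwnd;
}

int main(void)
{
    const uint64_t advertised = 16u << 20; /* hypothetical remote window, 16 MiB */
    const uint64_t capped = 128u << 10;    /* hypothetical local ssthresh cap, 128 KiB */

    printf("1000 ACKs of 2*MSS, ssthresh = advertised: %llu bytes\n",
           (unsigned long long)cwnd_after_acks(advertised, 1000, 2 * MSS));
    printf("1000 ACKs of 1*MSS, ssthresh = advertised: %llu bytes\n",
           (unsigned long long)cwnd_after_acks(advertised, 1000, MSS));
    printf("1000 ACKs of 2*MSS, ssthresh = capped:     %llu bytes\n",
           (unsigned long long)cwnd_after_acks(capped, 1000, 2 * MSS));
    return 0;
}
```

With the cap, the window leaves slow start after a few dozen ACKs and then grows by only a few bytes per ACK, which is the "MSS per window realm" the message refers to.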