On Sat, Apr 17, 2021 at 12:42:39AM -0700, Keyu Man wrote: > How about at least allow the existing queue to finish? Currently a tiny new > fragment would potentially invalid all previous fragments by letting them > timeout without allowing the fragments to come in to finish the assembly.
Because this is exactly the principle of how attacks are built: reserve resources claiming that you'll send everything so that others can't make use of the resources that are reserved to you. The best solution precisely is *not* to wait for anyone to finish, hence *not* to reserve valuable resources that are unusuable by others. Willy
