On Wednesday 30 January 2008 20:22, Ben Greear wrote: > We use these features to enable creating very high numbers of short-lived > TCP connections, primarily used as a test tool for other network > devices.
Hopefully these other network devices don't do any NAT then or don't otherwise violate the IP-matches-PAWS assumption. Most likely they do actually, so enabling TW recycle for testing is probably not even safe for you. Modern systems have a lot of RAM so even without tw recycle you should be able to get a very high number of connections. An timewait socket is around 128 bytes on 64bit; this means with a GB of memory you can already support > 8 Million TW sockets. On 32bit it's even more. The optimization was originally written at a time when 64MB systems were common. If you don't care about data integrity have you considered just using some custom UDP based protocol or run one of the user space TCP stacks and disable all data integrity features? If you do care about data integrity then you should probably disable tw recycle anyways. The deprecation period will be some time (several months) so you'll have enough time to migrate to another method > Perhaps just document the adverse affects and/or have it print out a > warning on the console whenever the feature is enabled? "This feature is insecure and does not work on the internet or with NAT" ? Somehow this just does not seem right to me. -Andi -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
