>
> There used to be two listen queues; one for completed connections and one
> for incomplete connections. (Complete referring to the TCP three-way
> handshake completing.) The syncache replaces the incomplete connection
> queue, meaning that the listen queue depth is no longer relevant there.
On 15 Apr 2002, Yusuf Goolamabbas wrote:
> Subsequently, we changed the listen backlog to 128 via
> DAEMON_OPTIONS(`Port=smtp, Name=MTA, Listen=128')
> and turned ConnectionRateThrottle back on with a value of 20. Now, the
> immediate reset is triggered but quite infrequently
>
> I thought that
On 15 Apr 2002, Yusuf Goolamabbas wrote:
> In 4.5-RELEASE, there seems to be no caller for sodropablereq, however
> the function is declared in sys/sys/socketvar.h and defined in
> sys/kern/uipc_socket2.c. Maybe it can be deleted from the source tree
I'll go look into cleaning that up tomorrow.
We are using sendmail 8.11.6 patched to support mysql lookups.
This is on FreeBSD 4.4-stable (cvsup'ed early December 2001)
Recently my colleague turned on ConnectionRateThrottle and set it for a
value of 20
Shortly he would observe that connections would get reset immediately
after the client c
Hi,
Does anyone know where is the document for configuring IPv6 on
FreeBSD, if any? The NetBSD web page has a really cool manual
(http://www.netbsd.org/Documentation/network/ipv6/) for IPv6 people
using NetBSD. I'm looking for such a document for FreBSD.
---
Keiichi SHIMA
IIJ Research Laborato
On Sun, Apr 14, 2002 at 06:52:43PM -0400, Richard A Steenbergen wrote:
> On Sun, Apr 14, 2002 at 02:25:27PM -0700, Luigi Rizzo wrote:
> >
> > Hi,
> > this is more a comment on rfc2827 than on the patch (which seems to do
> > basically what is in the RFC).
> > This kind of filtering gives very lit
Hello,
I did not pay much attention, but since a couple of weeks
(the latest "daylight savings in Europe") mu ntp
programs do not function anymore and host clocks
drift further and further (both for machines
I upgraded to -stable as for machines which have a couple
a months old -stable ...).
Hi,
this is more a comment on rfc2827 than on the patch (which seems to do
basically what is in the RFC).
This kind of filtering gives very little protection. For single-homed
systems with a default route, basically the only packets that it
can deny are those with a 127/8 source address on the wi
Hello!
I'd like to know your opinion about this patch
http://www.morning.ru/~poige/patchzone/ingressfiltering.patch
which is mine attempt to implement an ingress filter being inspired by
RFC2827 "Network Ingress Filtering: Defeating Denial of Service Attacks
which employ IP Source Address Sp
