tcpdrop(8) for DragonFly
Matthew Dillon
dillon at apollo.backplane.com
Sun Nov 14 10:31:22 PST 2004
:Joerg Sonnenberger said:
:> The original intent was actually to be able to completely shutdown a
:> connection, because e.g. for a DOS, you don't care about the other side,
:> which most likely doesn't care about you.
:
:Yes, that was the idea. I guess this is the dilemma of being a good net
:citizen versus being DOS-free. But since we're dealing with the bad guys
:anyway, I don't think that simply dropping them would be a bad thing...
:
:Andre
It sounds like the sysctl should have two options, but at least for
any initial implementation it should use shutdown rather then drop.
There are plenty of ways to deal with TIME_WAIT that would not impose
much additional overhead verses a drop.
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Submit
mailing list