On Fri, 2003-03-07 at 17:51, Bob Miller wrote: > How does tarproxy actually control the TCP/IP parameters? > > The default TCP receive window (on Linux) is 32K. That's plenty of > room for the sender to send the whole sendmail negotiation sequence > and a complete message before the receiver has even accepted the > connection. (It appears that you can't change the receive window > until you've accepted the connection.)
There are a few things we can do here. First, we can start out slow(ish) by default by setting a small receive buffer prior to accepting connections as outlined here at http://java.sun.com/j2se/1.4/docs/api/java/net/ServerSocket.html#setReceiveBufferSize(int) . The receive buffer can be ramped up over the connection as the remote MTA builds credibility, or can be increased in size immediately for, say, a whitelisted server. This would indirectly cause the TCP window to grow. I'll be experimenting with this over the weekend. Second, we can enforce a "net" speed on the connection by delaying our responses. Spam software could admittedly get around this easily by using a very short timeout prior to giving up on a connection. If they do, they can resume spamming others quickly, but we won't get their mail in a bizarre win-win situation. Against open relays this will be as good as a slow data rate. Third, platform-specific tools can be used at a lower level, triggered by events within TarProxy. I've been in communication with the author of trickle (http://freshmeat.net/releases/115445/) about this today, and according to him the version currently in CVS (i.e., not in today's release) can accept commands from external programs to change the parameters of existing connections. I'm awaiting more detail on this. Fourth, I'm open to suggestions. :) - Marty -- Marty Lamb Martian Software mlamb at martiansoftware dot com ---- : The tarproxy-list mailing list is archived at : http://www.mail-archive.com/tarproxy-list%40martiansoftware.com/ : : To unsubscribe from this list, follow the instructions at : http://www.martiansoftware.com/contact.html : : TarProxy's project page can be found at : http://www.martiansoftware.com/tarproxy
