Make that a yes. I have demonstrated to my satisfaction that the Solaris
TCP FIN bug very badly affects HTTP sessions (in my case going through a
Solaris 2.5.1-based firewall to get to a Linux HTTP server on which I could
conveniently turn the workaround on and off and see the results).
In HTTP, the symptom is sessions that hang forever just as they get to
100%. I have seen this going to non-Linux sites too, but I'd recommend
using the workaround for major web servers as well as FTP servers.
I invite others to reproduce these results -- and remember that only
certain sized messages are vulnerable and it only happens if the packets
get out of order, so you won't see it on a local lightly loaded LAN. The
client must be Solaris 2.5.1/2.6, and the server Linux 2.2.x.
---David C Niemi--- If I am not for myself, who will be for me?
---niemi at tux.org--- If I am only for myself, what am I?
---Reston VA USA--- If not now, when? -- Hillel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/