From: Henning Brauer
Subject: Re: bgpd: simplify SO_RCVBUF and SO_SNDBUF clamping
To: tech@openbsd.org
Date: Thu, 16 May 2024 13:35:26 +0200

* Claudio Jeker [2024-05-16 11:24]:
> In bgpd we clamp the TCP bufsize to 64k to limit the amount of buffering
> on TCP to a reasonable level. This was done to help the SendHoldTimer.

actually, when I wrote this 20y ago, it wasn't to clamp the bufsize -
it was to grow it from the back-then default 8k to as close to 64k as
the kernel lets us. this used to be if'd and the comment said pretty
much the opposite until you adjusted it to the new reality in 1.444 ;)

- /* only increase bufsize (and thus window) if md5 or ipsec is in use */
- if (p->conf.auth.method != AUTH_NONE) {

the tcp RST attack was a big thing back then. oh well, it's history.

> Now the current code is doing too much since it will scale down below 64k
> if setsockopt() fails. Since this is just a voluntary "optimisation" just
> ignore possible errors and try only once.

the world has changed over the last 20 years, so fire-and-forget is
fine now, ok.

henning

-- 
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/