From 9203287aef03e5b3430240f0448046436629dc48 Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@FreeBSD.org>
Date: Thu, 4 Mar 2004 17:06:30 +0000
Subject: [PATCH] Rewrite TCP segment reassembly note to mention SA-04:04, note
 MFC, relocate to security advisory section.

---
 release/doc/en_US.ISO8859-1/relnotes/article.sgml  | 14 +++++++-------
 .../doc/en_US.ISO8859-1/relnotes/common/new.sgml   | 14 +++++++-------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index c25b6caa7885..12a0a31ef4ec 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -148,6 +148,13 @@
       jail.  More information can be found in security advisory <ulink
       url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
 
+    <para>A potential low-bandwidth denial-of-service attack against
+      the &os; TCP stack has been prevented by limiting the number of
+      out-of-sequence TCP segments that can be held at one time.  More
+      details can be found in security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
+      &merged;</para>
+
   </sect2>
 
   <sect2 id="kernel">
@@ -289,13 +296,6 @@
 	support for the TCP-MD5 class of security associations.
 	&merged;</para>
 
-      <para>The TCP segment reassembly queue now uses the UMA kernel
-	memory allocator and limits the maximum number of segments it
-	will hold, thus preventing a certain class of denial of
-	service attack.  Its behavior is controlled by the
-	<varname>net.inet.tcp.reass</varname> hierarchy of sysctl
-	variables.</para>
-
     </sect3>
 
     <sect3 id="disks">
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index c25b6caa7885..12a0a31ef4ec 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -148,6 +148,13 @@
       jail.  More information can be found in security advisory <ulink
       url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc">FreeBSD-SA-04:03</ulink>.</para>
 
+    <para>A potential low-bandwidth denial-of-service attack against
+      the &os; TCP stack has been prevented by limiting the number of
+      out-of-sequence TCP segments that can be held at one time.  More
+      details can be found in security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc">FreeBSD-SA-04:04</ulink>.
+      &merged;</para>
+
   </sect2>
 
   <sect2 id="kernel">
@@ -289,13 +296,6 @@
 	support for the TCP-MD5 class of security associations.
 	&merged;</para>
 
-      <para>The TCP segment reassembly queue now uses the UMA kernel
-	memory allocator and limits the maximum number of segments it
-	will hold, thus preventing a certain class of denial of
-	service attack.  Its behavior is controlled by the
-	<varname>net.inet.tcp.reass</varname> hierarchy of sysctl
-	variables.</para>
-
     </sect3>
 
     <sect3 id="disks">