Message-Id: <200001220659.WAA15977@salsa.gv.tsc.tdk.com>
From: gdonl@tsc.tdk.com (Don Lewis)
Date: Fri, 21 Jan 2000 22:59:37 -0800
In-Reply-To: Warner Losh "Re: stream.c worst-case kernel paths" (Jan 21, 11:09pm)
To: Warner Losh, gdonl@tsc.tdk.com (Don Lewis)
Subject: Re: stream.c worst-case kernel paths
Cc: security@FreeBSD.ORG

On Jan 21, 11:09pm, Warner Losh wrote:
} Subject: Re: stream.c worst-case kernel paths
} In message <200001220551.VAA15775@salsa.gv.tsc.tdk.com> Don Lewis writes:
} : (b) still needs to be generalized to cover other paths that generate
} : RST packets.
}
} Matt has a patch for (b).

Which is why I didn't implement (b). I figured his implementation would be
better than mine.

} You two might want to merge the two.

That sounds good to me.

} I think that the discarding of multi-cast packets is one of those can't
} hurt sorts of things.
}
} I'm less sure about the wildcard stuff. What's the measurable results
} on this change?

It will save some CPU cycles, but IMHO it seems cleaner to have non-SYN
packets ignore the listening sockets. Why should the path through the code
for a non-SYN packet depend on whether there is a listening socket that
matches the packet's destination address and port? This would also allow
us to clean up some of the code that handles the LISTEN state.
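The wildcard change discussed in the message above, as an added example that is not code from this thread or from the FreeBSD kernel: a simplified model of TCP socket lookup in which only SYN segments may match a listening socket. All names (pcb_lookup, demux, the table) are hypothetical, and "SYN" is assumed to mean SYN set with ACK clear.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10
enum state { LISTEN, ESTABLISHED };
enum verdict { NO_SOCKET, TO_LISTENER, TO_CONNECTION };
struct pcb { uint32_t laddr, faddr; uint16_t lport, fport; enum state st; };
struct seg { uint32_t src, dst; uint16_t sport, dport; uint8_t flags; };

/* Constructed sample table: a listener on port 80 and one established connection. */
static const struct pcb table[] = {
    { 0,          0,          80, 0,    LISTEN },
    { 0x0a000001, 0x0a000002, 80, 4000, ESTABLISHED },
};

/* Exact 4-tuple match wins; a listener is a candidate only when wildcard != 0. */
static const struct pcb *pcb_lookup(const struct seg *s, int wildcard)
{
    const struct pcb *wild = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct pcb *p = &table[i];
        if (p->lport != s->dport)
            continue;
        if (p->st == ESTABLISHED) {
            if (p->laddr == s->dst && p->faddr == s->src && p->fport == s->sport)
                return p;
        } else if (wildcard && (p->laddr == 0 || p->laddr == s->dst)) {
            wild = p;
        }
    }
    return wild;
}

/* syn_only = 0: any segment may match a listener; syn_only = 1: only a SYN may. */
enum verdict demux(const struct seg *s, int syn_only)
{
    int is_syn = (s->flags & (TH_SYN | TH_ACK)) == TH_SYN;
    const struct pcb *p = pcb_lookup(s, syn_only ? is_syn : 1);
    if (p == NULL)
        return NO_SOCKET;   /* same path as a segment sent to a closed port */
    return p->st == LISTEN ? TO_LISTENER : TO_CONNECTION;
}

int main(void)
{
    struct seg ack80 = { 0x0a000063, 0x0a000001, 5555, 80, TH_ACK }; /* constructed */
    printf("stray ACK to :80  all-wildcard=%d  syn-only=%d\n", demux(&ack80, 0), demux(&ack80, 1));
    return 0;
}
```

With syn_only set, a stray ACK aimed at the listening port takes the same no-socket path as one aimed at a closed port, so its handling no longer depends on whether a listener exists.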