From: Peter Wemm
To: Mike Silbersack
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
In-Reply-To: <20010717212424.X3382-100000@achilles.silby.com>
Date: Tue, 17 Jul 2001 20:38:19 -0700
Message-Id: <20010718033819.2DD5838CC@overcee.netplex.com.au>

Mike Silbersack wrote:
>
> As those of you watching -net and -hackers may have noticed, we're
> starting to see more reports of our current TCP ISN generation scheme
> causing problems for users. The effect is far greater than it was
> expected to be, and we need to fix this before 4.4 freezes.

At Yahoo we're looking at attempting to port the NetBSD implementation of
the BSD/OS syn_cache (compressed tcp state engine) stuff in order to improve
SYN flood resilience. The present hack (listen queue drop stuff) just is
not cutting it.

NetBSD have added RFC1948 support in there now as well.

The NetBSD code is fairly well partitioned from the rest of the stack and
has a few hooks into various places. It even has IPv6 awareness.
(look at tcp_input.c, and tcp_subr.c, there are a small number of
syn_cache_xxx() hooks added elsewhere.)

How about attempting to kill two birds with one stone and really solve the
SYN flood problem at the same time as dealing with the ISS stuff.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5