Date: Tue, 17 Jul 2001 20:38:19 -0700
From: Peter Wemm <peter@wemm.org>
To: Mike Silbersack <silby@silby.com>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
Message-ID: <20010718033819.2DD5838CC@overcee.netplex.com.au>
In-Reply-To: <20010717212424.X3382-100000@achilles.silby.com>

Mike Silbersack wrote:
>
> As those of you watching -net and -hackers may have noticed, we're
> starting to see more reports of our current TCP ISN generation scheme
> causing problems for users. The effect is far greater than it was
> expected to be, and we need to fix this before 4.4 freezes.

At Yahoo we're looking at attempting to port the NetBSD implementation of
the BSD/OS syn_cache (compressed tcp state engine) stuff in order to
improve SYN flood resilience. The present hack (listen queue drop stuff)
just is not cutting it.

NetBSD have added RFC1948 support in there now as well.

The NetBSD code is fairly well partitioned from the rest of the stack and
has a few hooks into various places. It even has IPv6 awareness.
(look at tcp_input.c, and tcp_subr.c, there are a small number of
syn_cache_xxx() hooks added elsewhere.)

How about attempting to kill two birds with one stone and really solve the
SYN flood problem at the same time as dealing with the ISS stuff?

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5