Date:      Fri, 3 May 2002 05:45:49 -0500 (CDT)
From:      hawkeyd@visi.com (D J Hawkey Jr)
To:        silby@silby.com, freebsd-stable@freebsd.org
Subject:   Re: Heads Up: Accept filters fixed
Message-ID:  <200205031045.g43AjnG23642@sheol.localdomain>
In-Reply-To: <20020430225620.D32402-200000_patrocles.silby.com@ns.sol.net>
References:  <20020430225620.D32402-200000_patrocles.silby.com@ns.sol.net>

In article <20020430225620.D32402-200000_patrocles.silby.com@ns.sol.net>,
	silby@silby.com writes:
> 
> Just a quick note for those of you using accept filters with a 4.4+ kernel
> using the syncache:  Your accept filters are broken, and easily DoSable.
> 
> The fix (attached) has now been committed to both 5.0 and 4.5, so I
> recommend doing one of two things if you're using accept filters:
> 
> 1.  Stop using them.

How does one know if one is? No man page(s) on "syncache", but I did
glean this:

    [sheol] ~$ sysctl -a |grep syncache
    syncache:        160,    15359,      0,     51,       95
    net.inet.tcp.syncache.bucketlimit: 30
    net.inet.tcp.syncache.cachelimit: 15359
    net.inet.tcp.syncache.count: 0
    net.inet.tcp.syncache.hashsize: 512
    net.inet.tcp.syncache.rexmtlimit: 3

How does one set up filters and tear them down?

Regarding another reply: Whom do I lobby to get this into RELENG_4_5?
I don't want to have to re-apply this patch after every 'cvsup'...

TIA,
Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

