Date: Tue, 18 Dec 2001 22:12:14 -0800 (PST)
From: Jonathan Lemon <jlemon@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/netinet tcp_syncache.c
Message-ID: <200112190612.fBJ6CE264053@freefall.freebsd.org>
jlemon 2001/12/18 22:12:14 PST
Modified files:
sys/netinet tcp_syncache.c
Log:
Extend the SYN DoS defense by adding syncookies to the syncache.
All TCP ISNs that are sent out are valid cookies, which allows entries
in the syncache to be dropped and still have the ACK accepted later.
As all entries pass through the syncache, there is no sudden switchover
from cache -> cookies when the cache is full; instead, syncache entries
simply have a reduced lifetime. More details may be found in the
"Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002
conference proceedings.
Sponsored by: DARPA, NAI Labs
Revision  Changes    Path
1.6       +193 -14   src/sys/netinet/tcp_syncache.c

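The mechanism the log message describes, as an added example that is not code from this commit or from FreeBSD: the ISN sent in the SYN-ACK is itself a keyed cookie, so the returning ACK can be validated after the syncache entry has been dropped. The bit layout (27-bit hash, 3-bit time slot, 2-bit MSS index), the FNV-1a stand-in hash, the MSS table and all names and sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed example: layout, hash and names are assumptions, not FreeBSD's. */
struct conn { uint32_t saddr, daddr; uint16_t sport, dport; uint32_t irs; };
static const uint16_t mss_tab[4] = { 536, 1024, 1440, 1460 };  /* assumed table */
const uint32_t demo_key[2] = { 0x6a09e667u, 0xbb67ae85u };     /* constructed secret */
const struct conn demo = { 0xc0000201u, 0xc0000202u, 40000, 80, 12345u };

/* Stand-in keyed hash (FNV-1a over key || fields). NOT a secure MAC: a real
 * implementation uses a cryptographic keyed hash and rotates the secret. */
static uint32_t keyed_hash(const uint32_t key[2], const struct conn *c, uint32_t slot)
{
    uint32_t w[7] = { key[0], key[1], c->saddr, c->daddr,
                      ((uint32_t)c->sport << 16) | c->dport, c->irs, slot };
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 7; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (w[i] >> (8 * b)) & 0xff;
            h *= 16777619u;
        }
    return h;
}

/* ISN for the SYN-ACK: upper 27 bits keyed hash, lower 5 bits slot + MSS index. */
uint32_t cookie_make(const uint32_t key[2], const struct conn *c,
                     uint32_t slot, unsigned mss_idx)
{
    uint32_t data = ((slot & 7) << 2) | (mss_idx & 3);
    return (keyed_hash(key, c, slot & 7) & ~31u) | data;
}

/* Validate the final ACK (ack = ISN + 1) with no stored state; MSS or 0. */
uint16_t cookie_check(const uint32_t key[2], const struct conn *c,
                      uint32_t ack, uint32_t now_slot)
{
    uint32_t isn = ack - 1;
    uint32_t slot = (isn >> 2) & 7;
    if (((now_slot - slot) & 7) > 1)      /* older than one slot, or in the future */
        return 0;
    if ((keyed_hash(key, c, slot) ^ isn) & ~31u)
        return 0;                         /* hash mismatch: forged or wrong tuple */
    return mss_tab[isn & 3];
}

int main(void) { return cookie_check(demo_key, &demo, cookie_make(demo_key, &demo, 5, 3) + 1, 6) == 1460 ? 0 : 1; }
```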