From owner-freebsd-stable Fri May 3 3:46: 2 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104])
    by hub.freebsd.org (Postfix) with ESMTP id 9F91937B417
    for ; Fri, 3 May 2002 03:45:58 -0700 (PDT)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
    by bodb.mc.mpls.visi.com (Postfix) with ESMTP id AD2A95656;
    Fri, 3 May 2002 05:45:57 -0500 (CDT)
Received: (from hawkeyd@localhost)
    by sheol.localdomain (8.11.6/8.11.6) id g43AjnG23642;
    Fri, 3 May 2002 05:45:49 -0500 (CDT)
    (envelope-from hawkeyd)
Date: Fri, 3 May 2002 05:45:49 -0500 (CDT)
Message-Id: <200205031045.g43AjnG23642@sheol.localdomain>
Mime-Version: 1.0
X-Newsreader: knews 1.0b.1
Reply-To: hawkeyd@visi.com
Organization: if (!FIFO) if (!LIFO) break;
References: <20020430225620.D32402-200000_patrocles.silby.com@ns.sol.net>
In-Reply-To: <20020430225620.D32402-200000_patrocles.silby.com@ns.sol.net>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: Heads Up: Accept filters fixed
X-Original-Newsgroups: sol.lists.freebsd.stable
To: silby@silby.com, freebsd-stable@freebsd.org
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

In article <20020430225620.D32402-200000_patrocles.silby.com@ns.sol.net>,
silby@silby.com writes:
>
> Just a quick note for those of you using accept filters with a 4.4+ kernel
> using the syncache: Your accept filters are broken, and easily DoSable.
>
> The fix (attached) has now been committed to both 5.0 and 4.5, so I
> recommend doing one of two things if you're using accept filters:
>
> 1. Stop using them.

How does one know if one is?
No man page(s) on "syncache", but I did glean this:

[sheol] ~$ sysctl -a |grep syncache
syncache: 160, 15359, 0, 51, 95
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncache.cachelimit: 15359
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.rexmtlimit: 3

How does one set up filters and tear them down?

Regarding another reply: Whom do I lobby to get this into RELENG_4_5? I
don't want to have to re-apply this patch after every 'cvsup'...

TIA,
Dave

--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message