From owner-freebsd-net Fri May 12 17:36:19 2000 Delivered-To: freebsd-net@freebsd.org Received: from silby.com (adam042-051.resnet.wisc.edu [146.151.42.51]) by hub.freebsd.org (Postfix) with SMTP id 4212F37BD7D for ; Fri, 12 May 2000 17:36:12 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 1266 invoked by uid 1000); 13 May 2000 00:36:10 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 13 May 2000 00:36:10 -0000 Date: Fri, 12 May 2000 19:36:10 -0500 (CDT) From: Mike Silbersack To: net@freebsd.org Subject: MFC of mbuf wait and other patch Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I now have two patches I'd enjoy if people looked at: The first is a patch I posted a week or two ago here which rate limits icmp echo responses and timestamp responses; while it doesn't address any particular DoS, I think it'd be wise to include, even if only in current for now. You can obtain it from: http://www.silby.com/patches/ip_icmp.c.patch The second patch is my backport of bosko milekic's mbuf waiting code to 3.4. The patch ported cleanly, but I'm seeing mbuf leaks in some cases when I reach the exhaustion stage. Unfortunately, since I only have a 3.4 box, I cannot tell if this is due to an error in my backport, or some case that isn't handled by the code. If you're running 4 or 5 and wish to see the results you get from the attack I'm running on myself, please e-mail me and I'll send you instructions on how to recreate it. That aside, the patch does stop the box from panicing, so it's still a win for us 3.xers - if you're running 3.4, please help test the patch. The mbuf wait patch is at: http://www.silby.com/patches/mbuf-wait-mfc.patch Thanks, Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message