Date: Sun, 15 Jan 2012 23:35:18 +0400 From: Andrey Zonov <andrey@zonov.org> To: Nikolay Denev <ndenev@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: ICMP attacks against TCP and PMTUD Message-ID: <4F132A76.6010501@zonov.org> In-Reply-To: <733BE6AF-33E0-4C16-A222-B5F5D0519194@gmail.com> References: <EE6495BD-38D0-4EBE-9A94-7C40DC69F820@gmail.com> <4F131A7D.4020006@zonov.org> <733BE6AF-33E0-4C16-A222-B5F5D0519194@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This helped me: /boot/loader.conf net.inet.tcp.hostcache.hashsize=65536 net.inet.tcp.hostcache.cachelimit=1966080 Actually, this is a workaround. As I remember, real problem is in tcp_ctlinput(), it could not update MTU for destination IP if hostcache allocation fails. tcp_hc_updatemtu() should returns NULL if tcp_hc_insert() returns NULL and tcp_ctlinput() should check this case and sets updated MTU for this particular connection if tcp_hc_updatemtu() fails. Otherwise we've got infinite loop in MTU discovery. On 15.01.2012 22:59, Nikolay Denev wrote: > > % uptime > 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17 > > % vmstat -z|grep hostcache > hostcache: 136, 15372, 15136, 236, 44946965, 10972760 > > > Hmm… probably I should increase this…. > -- Andrey Zonov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F132A76.6010501>