From: Andrey Zonov
Date: Sun, 15 Jan 2012 23:35:18 +0400
To: Nikolay Denev
Cc: freebsd-net@freebsd.org
Subject: Re: ICMP attacks against TCP and PMTUD
Message-ID: <4F132A76.6010501@zonov.org>
In-Reply-To: <733BE6AF-33E0-4C16-A222-B5F5D0519194@gmail.com>

This helped me:

/boot/loader.conf
net.inet.tcp.hostcache.hashsize=65536
net.inet.tcp.hostcache.cachelimit=1966080

Actually, this is a workaround.
As I remember, the real problem is in tcp_ctlinput(): it could not update the MTU for the destination IP if hostcache allocation fails. tcp_hc_updatemtu() should return NULL if tcp_hc_insert() returns NULL, and tcp_ctlinput() should check this case and set the updated MTU for this particular connection if tcp_hc_updatemtu() fails. Otherwise we've got an infinite loop in MTU discovery.

On 15.01.2012 22:59, Nikolay Denev wrote:
>
> % uptime
> 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17
>
> % vmstat -z|grep hostcache
> hostcache: 136, 15372, 15136, 236, 44946965, 10972760
>
>
> Hmm… probably I should increase this….
>

-- 
Andrey Zonov
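
A check for the condition discussed in this message, added here as an example and not part of the original mail or of FreeBSD: it reads the hostcache line of `vmstat -z` and reports how full the zone is and whether allocations have failed. The function name and the column order (ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES, as in the quoted output) are assumptions.

```sh
#!/bin/sh
# Added example: report hostcache zone pressure from `vmstat -z` text.
# Assumed column order (as in the quoted message):
#   ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES
# Later releases append columns; only the first six values are read.

# Reads `vmstat -z` output on stdin and prints one status line.
# Exit status: 0 = ok or near limit, 1 = allocation failures recorded,
# 2 = no hostcache zone in the input.
hostcache_status() {
    awk -F'[:,]' '
        $1 ~ /^[ \t]*hostcache[ \t]*$/ {
            found = 1
            limit = $3 + 0; used = $4 + 0; req = $6 + 0; fail = $7 + 0
            pct  = (limit > 0) ? int(used * 100 / limit) : 0
            fpct = (req > 0) ? int(fail * 100 / req) : 0
            if (fail > 0)       state = "ALLOC_FAILURES"
            else if (pct >= 90) state = "NEAR_LIMIT"
            else                state = "OK"
            printf "%s used=%d/%d (%d%%) failures=%d (%d%% of requests)\n",
                   state, used, limit, pct, fail, fpct
            rc = (fail > 0) ? 1 : 0
        }
        END {
            if (!found) { print "NO_HOSTCACHE_ZONE"; exit 2 }
            exit rc
        }
    '
}

# The line quoted in the message above, so the script runs anywhere.
# On a FreeBSD host use: vmstat -z | hostcache_status
sample='hostcache: 136, 15372, 15136, 236, 44946965, 10972760'
printf '%s\n' "$sample" | hostcache_status || true
```

A non-zero failure count on this zone is the situation the message describes, where a new hostcache entry cannot be allocated to record the MTU.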