Date: Sun, 29 Sep 1996 13:29:52 -0500 (CDT) From: Karl Denninger <karl@Mcs.Net> To: apg@demos.net (Paul Antonov) Cc: apg@demos.net, guido@gvr.win.tue.nl, hackers@freebsd.org Subject: Re: patch against SYN floods (RED impl.) Message-ID: <199609291829.NAA09746@Jupiter.Mcs.Net> In-Reply-To: <hFrr3JouB0@dream.demos.su> from "Paul Antonov" at Sep 28, 96 00:47:49 am
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <199609271937.VAA02005@gvr.win.tue.nl> Guido van Rooij > writes: > > >> I've tested in on SYN attacks with over 1000pps rate, and it works > >> reasonably well. > > >Seeing your patch: isn't it much quicker to walk down the so_q0 list and > >get the pcb's from there? > > Surely, I just found why I was unable to do it - in the body of loop > I've written tp = sototcpcb(so) instead of tp = sototcpcb(sp) and was > much confused to see all sockets on LISTEN state :) I hate do things on > the run, but sometimes you need to ... (patch elided) I see that the tail drop patch has been committed to -CURRENT. Are there plans to commit this one in its place? -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1 from $600 monthly; speeds to DS-3 available | 23 Chicagoland Prefixes, 13 ISDN, much more Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 248-9865] | Home of Chicago's only FULL Clarinet feed!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609291829.NAA09746>