Date:      Sun, 15 Jan 2012 21:52:51 +0200
From:      Nikolay Denev <ndenev@gmail.com>
To:        Andrey Zonov <andrey@zonov.org>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: ICMP attacks against TCP and PMTUD
Message-ID:  <3008402354236887854@unknownmsgid>
In-Reply-To: <12379405.15603.1326656127893.JavaMail.mobile-sync@vbzh28>
References:  <EE6495BD-38D0-4EBE-9A94-7C40DC69F820@gmail.com> <4F131A7D.4020006@zonov.org> <733BE6AF-33E0-4C16-A222-B5F5D0519194@gmail.com> <12379405.15603.1326656127893.JavaMail.mobile-sync@vbzh28>

On 15.01.2012, at 21:35, Andrey Zonov <andrey@zonov.org> wrote:

> This helped me:
> /boot/loader.conf
> net.inet.tcp.hostcache.hashsize=65536
> net.inet.tcp.hostcache.cachelimit=1966080
>
> Actually, this is a workaround.  As I remember, the real problem is in
> tcp_ctlinput(), it could not update MTU for destination IP if hostcache
> allocation fails.  tcp_hc_updatemtu() should return NULL if
> tcp_hc_insert() returns NULL and tcp_ctlinput() should check this case
> and set the updated MTU for this particular connection if
> tcp_hc_updatemtu() fails.  Otherwise we've got an infinite loop in MTU
> discovery.
>
>
> On 15.01.2012 22:59, Nikolay Denev wrote:
>>
>> % uptime
>>  7:57PM  up 608 days,  4:06, 1 user, load averages: 0.30, 0.21, 0.17
>>
>> % vmstat -z|grep hostcache
>> hostcache:                136,    15372,    15136,      236, 44946965, 10972760
>>
>>
>> Hmm… probably I should increase this….
>>
>
> --
> Andrey Zonov

Thanks, I will test this asap!

Regards,
Nikolay
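
Added example (not part of the original thread): a small sh/awk check that reads the hostcache line of `vmstat -z` and flags the condition discussed above, a zone close to its limit with failed allocations. The column order (SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES), the function name and the 90% threshold are assumptions; the sample line is the one quoted in the thread.

```shell
#!/bin/sh
# Sample input: the hostcache line from the vmstat -z output quoted in the
# thread, with the wrapped last field rejoined.
SAMPLE='hostcache:                136,    15372,    15136,      236, 44946965, 10972760'

# check_hostcache TEXT   (hypothetical helper name)
# TEXT is one line or the whole output of `vmstat -z`.
# Assumed column order: ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES
# Prints: used_pct=<n> failures=<n> status=<OK|NEAR_LIMIT|ALLOC_FAILURES>
# Returns non-zero if no hostcache line was found.
check_hostcache() {
    printf '%s\n' "$1" | awk -F'[:,]' '
        $1 == "hostcache" {
            limit = $3 + 0; used = $4 + 0; fail = $7 + 0
            # A limit of 0 means the zone is unlimited; report 0% then.
            pct = (limit > 0) ? int(used * 100 / limit) : 0
            status = "OK"
            if (pct >= 90) status = "NEAR_LIMIT"      # assumed threshold
            # Failed allocations are the case where the learned path MTU
            # cannot be stored, so they take priority in the status.
            if (fail > 0) status = "ALLOC_FAILURES"
            printf "used_pct=%d failures=%d status=%s\n", pct, fail, status
            found = 1
        }
        END { exit (found ? 0 : 1) }'
}

check_hostcache "$SAMPLE"
# On a live FreeBSD host: check_hostcache "$(vmstat -z)"
```
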


