From: Nikolay Denev
Date: Sun, 15 Jan 2012 21:52:51 +0200
To: Andrey Zonov
Cc: "freebsd-net@freebsd.org"
Subject: Re: ICMP attacks against TCP and PMTUD

On 15.01.2012, at 21:35, Andrey Zonov wrote:

> This helped me:
> /boot/loader.conf
> net.inet.tcp.hostcache.hashsize=65536
> net.inet.tcp.hostcache.cachelimit=1966080
>
> Actually, this is a workaround. As I remember, the real problem is in
> tcp_ctlinput(), it could not update the MTU for the destination IP if
> hostcache allocation fails. tcp_hc_updatemtu() should return NULL if
> tcp_hc_insert() returns NULL, and tcp_ctlinput() should check this case
> and set the updated MTU for this particular connection if
> tcp_hc_updatemtu() fails. Otherwise we've got an infinite loop in MTU
> discovery.
>
>
> On 15.01.2012 22:59, Nikolay Denev wrote:
>>
>> % uptime
>> 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17
>>
>> % vmstat -z|grep hostcache
>> hostcache: 136, 15372, 15136, 236, 44946965, 10972760
>>
>>
>> Hmm… probably I should increase this….
>>
>
> --
> Andrey Zonov

Thanks, I will test this asap!

Regards,
Nikolay
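
Added example, not part of the original message or of FreeBSD: a shell check for the condition visible in the `vmstat -z` line quoted in the thread, where the hostcache zone sits near its limit and allocations are failing. It assumes the `vmstat -z` column order ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES; the function name `zone_pressure` and the 90% default threshold are choices made here.

```shell
#!/bin/sh
# Added example: flag exhaustion of a UMA zone from `vmstat -z` output.
# Assumed column order: ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES

# zone_pressure ZONE [THRESHOLD_PCT]   (hypothetical helper name)
# Reads vmstat -z text on stdin and prints one summary line for ZONE.
# Exit status: 0 = healthy, 1 = near limit or failing, 2 = zone not found.
zone_pressure() {
    awk -v zone="$1" -v thresh="${2:-90}" '
        {
            # Zone names may contain spaces, so split at the first colon.
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != zone) next

            n = split(substr($0, i + 1), f, ",")
            if (n < 6) next
            limit = f[2] + 0; used = f[3] + 0; fail = f[6] + 0

            found = 1
            pct = (limit > 0) ? int(used * 100 / limit) : 0
            # Any failed allocation means entries were not cached, which is
            # the case the thread ties to the PMTU discovery loop.
            bad = (fail > 0 || (limit > 0 && pct >= thresh))
            printf "%s used=%d limit=%d pct=%d failures=%d status=%s\n",
                name, used, limit, pct, fail, (bad ? "PRESSURE" : "ok")
            exit
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    '
}

# First line: the output quoted in the thread.
# Second line: a constructed healthy zone for contrast.
SAMPLE='hostcache:                136,    15372,    15136,      236, 44946965, 10972760
demo zone:                 64,     1000,       10,      990,      500,        0'

printf '%s\n' "$SAMPLE" | zone_pressure hostcache ||
    echo "hostcache zone is near its limit or failing allocations"
```

On a live host the input would come from `vmstat -z | zone_pressure hostcache`, which suits a periodic monitoring job.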