Date: Fri, 17 Jun 2022 11:13:03 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 253912] [PATCH] Inefficient lookup of incoming packets in libalias Message-ID: <bug-253912-227-9OaPF4bzd5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-253912-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253912 --- Comment #1 from Lukas Turek <8an@praha12.net> --- Even though libalias database was mostly rewriten, this bug is still present in 13.1. The problem wasn't in the data structure itself (hash table or splay tree), but in the key used for lookup. If the key contains only alias address and port, all packets from many addresses in DDoS targeting the same local address and port will collide in a single entry. I made a new patch working in a similar way to the previous one. I did some simple tests, but we haven't deployed it in production yet. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253912-227-9OaPF4bzd5>