From owner-freebsd-net@FreeBSD.ORG  Thu Mar 15 19:50:31 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 32DBF106566B
	for <freebsd-net@freebsd.org>; Thu, 15 Mar 2012 19:50:31 +0000 (UTC)
	(envelope-from seyit.ozgur@istanbul.net)
Received: from spamtrap.istanbul.net (spamtrap.istanbul.net [85.111.12.34])
	by mx1.freebsd.org (Postfix) with ESMTP id A6BED8FC0A
	for <freebsd-net@freebsd.org>; Thu, 15 Mar 2012 19:50:30 +0000 (UTC)
X-ASG-Debug-ID: 1331841018-0426ae630318e630001-QdxwpM
Received: from GAMMA.magnetdigital.local (gamma.magnetdigital.local
	[192.168.131.244]) by spamtrap.istanbul.net with ESMTP id
	SGQnubMqWQOibB7P for <freebsd-net@freebsd.org>;
	Thu, 15 Mar 2012 21:50:18 +0200 (EET)
X-Barracuda-Envelope-From: seyit.ozgur@istanbul.net
X-Barracuda-RBL-Trusted-Forwarder: 192.168.131.244
Received: from YUHANNA.magnetdigital.local ([fe80::1058:3088:f9b1:1346]) by
	GAMMA.magnetdigital.local ([fe80::3cca:d6ef:febb:fafb%17]) with mapi id
	14.01.0218.012; Thu, 15 Mar 2012 21:49:29 +0200
From: =?iso-8859-1?Q?Seyit_=D6zg=FCr?= <seyit.ozgur@istanbul.net>
X-Barracuda-Apparent-Source-IP: fe80::1058:3088:f9b1:1346
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Thread-Topic: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0
	release
X-ASG-Orig-Subj: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0
	release
Thread-Index: Ac0C5Fxpv2wbk7REQXGSXBWgiq7+JA==
Date: Thu, 15 Mar 2012 19:49:28 +0000
Message-ID: <3807CE6F3BF4B04EB897F4EBF2D258CE5C05F221@yuhanna.magnetdigital.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.28.11.161]
MIME-Version: 1.0
X-Barracuda-Connect: gamma.magnetdigital.local[192.168.131.244]
X-Barracuda-Start-Time: 1331841018
X-Barracuda-URL: http://10.10.140.221:8000/cgi-mod/mark.cgi
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No,
	SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0
	QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE,
	NORMAL_HTTP_TO_IP
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.91306
	Rule breakdown below
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	0.00 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
	0.00 HTML_MESSAGE           BODY: HTML included in message
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0
 release
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2012 19:50:31 -0000

Hi,

Today we tried to see what happens Malformed syn packets on FreeBSD 9.0 rel=
ease..

Those packets rise to CPU %100 and stucks..

listening on ix0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:33:30.010215 IP vgn44-1-88-123-89-40.fbx.proxad.net > 85.xxx.xxx.90: tcp
18:33:30.010242 IP 225.74.196.88.sta.estpak.ee > 85.xxx.xxx.90: tcp
18:33:30.010269 IP Nnov-Prospekt.71.quantum.rn > 85.xxx.xxx.90: tcp
18:33:30.010296 IP host52-108-static.49-88-b.business.telecomitalia.it > 85=
.xxx.xxx.90: tcp
18:33:30.010325 IP 125.Red-88-1-75.dynamicIP.rima-tde.net > 85.xxx.xxx.90: =
tcp

i dont know which tool generate those packets.. but as we see i dont see se=
q, flag, lenth etc.. just this ouput on tcpdump...

Is there any kernel feature for do NOT process malformed syn packets ??