Date: Thu, 15 Mar 2012 13:12:26 -0700 From: Chuck Swiger <cswiger@mac.com> To: =?iso-8859-1?Q?Seyit_=D6zg=FCr?= <seyit.ozgur@istanbul.net> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Malformed syn packet cause %100 cpu and interrupts FreeBSD 9.0 release Message-ID: <38FA7BAB-AC2B-4515-85CF-27F77C3F4313@mac.com> In-Reply-To: <3807CE6F3BF4B04EB897F4EBF2D258CE5C05F221@yuhanna.magnetdigital.local> References: <3807CE6F3BF4B04EB897F4EBF2D258CE5C05F221@yuhanna.magnetdigital.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 15, 2012, at 12:49 PM, Seyit =D6zg=FCr wrote: > Today we tried to see what happens Malformed syn packets on FreeBSD = 9.0 release.. >=20 > Those packets rise to CPU %100 and stucks.. >=20 > listening on ix0, link-type EN10MB (Ethernet), capture size 65535 = bytes > 18:33:30.010215 IP vgn44-1-88-123-89-40.fbx.proxad.net > = 85.xxx.xxx.90: tcp > 18:33:30.010242 IP 225.74.196.88.sta.estpak.ee > 85.xxx.xxx.90: tcp > 18:33:30.010269 IP Nnov-Prospekt.71.quantum.rn > 85.xxx.xxx.90: tcp > 18:33:30.010296 IP host52-108-static.49-88-b.business.telecomitalia.it = > 85.xxx.xxx.90: tcp > 18:33:30.010325 IP 125.Red-88-1-75.dynamicIP.rima-tde.net > = 85.xxx.xxx.90: tcp >=20 > i dont know which tool generate those packets.. but as we see i dont = see seq, flag, lenth etc.. just this ouput on tcpdump... >=20 > Is there any kernel feature for do NOT process malformed syn packets = ?? A firewall can block them before the system will see and try to process = them as incoming traffic. Also, running tcpdump with -X will give both hex and ASCII rendition of = the packets, which would be helpful to identify what you mean by = "malformed". Regards, --=20 -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38FA7BAB-AC2B-4515-85CF-27F77C3F4313>