Date: Tue, 20 Jul 2021 18:44:40 +0200 From: "Kristof Provost" <kp@FreeBSD.org> To: "Dmitry Chagin" <dchagin@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 8e1864ed0712 - main - pf: syncookie support Message-ID: <33541515-8306-4BEB-9C1E-27C2CEB68941@FreeBSD.org> In-Reply-To: <YPaoHk7M1GByBzLh@heemeyer.club> References: <202107200836.16K8asPR040892@gitrepo.freebsd.org> <YPaoHk7M1GByBzLh@heemeyer.club>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20 Jul 2021, at 12:40, Dmitry Chagin wrote: > On Tue, Jul 20, 2021 at 08:36:54AM +0000, Kristof Provost wrote: >> The branch main has been updated by kp: >> >> URL: = >> https://cgit.FreeBSD.org/src/commit/?id=3D8e1864ed07121b479b95d7e3a593= 1a9e0ffd4713 >> >> commit 8e1864ed07121b479b95d7e3a5931a9e0ffd4713 >> Author: Kristof Provost <kp@FreeBSD.org> >> AuthorDate: 2021-05-20 09:54:41 +0000 >> Commit: Kristof Provost <kp@FreeBSD.org> >> CommitDate: 2021-07-20 08:36:13 +0000 >> >> pf: syncookie support >> >> Import OpenBSD's syncookie support for pf. This feature help pf = >> resist >> TCP SYN floods by only creating states once the remote host = >> completes >> the TCP handshake rather than when the initial SYN packet is = >> received. >> >> This is accomplished by using the initial sequence numbers to = >> encode a >> cookie (hence the name) in the SYN+ACK response and verifying = >> this on >> receipt of the client ACK. >> >> Reviewed by: kbowling >> Obtained from: OpenBSD >> MFC after: 1 week >> Sponsored by: Modirum MDPay >> Differential Revision: https://reviews.freebsd.org/D31138 > > NOINET6 build fails > LINT did too. It should be fixed in = b972a7fa9e1e01367435a5699b71cc7b5e494fee Best regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33541515-8306-4BEB-9C1E-27C2CEB68941>