Date: Thu, 7 Jun 2001 10:04:45 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Jesper Skriver <jesper@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet tcp_input.c Message-ID: <20010607100445.D26609@sunbay.com> In-Reply-To: <200106061941.f56Jfqf74472@freefall.freebsd.org>; from jesper@FreeBSD.org on Wed, Jun 06, 2001 at 12:41:52PM -0700 References: <200106061941.f56Jfqf74472@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Cool! I like this 13 lines of comments and 1 line of changed code. :-) On Wed, Jun 06, 2001 at 12:41:52PM -0700, Jesper Skriver wrote: > jesper 2001/06/06 12:41:52 PDT > > Modified files: > sys/netinet tcp_input.c > Log: > Silby's take one on increasing FreeBSD's resistance to SYN floods: > > One way we can reduce the amount of traffic we send in response to a SYN > flood is to eliminate the RST we send when removing a connection from > the listen queue. Since we are being flooded, we can assume that the > majority of connections in the queue are bogus. Our RST is unwanted > by these hosts, just as our SYN-ACK was. Genuine connection attempts > will result in hosts responding to our SYN-ACK with an ACK packet. We > will automatically return a RST response to their ACK when it gets to us > if the connection has been dropped, so the early RST doesn't serve the > genuine class of connections much. In summary, we can reduce the number > of packets we send by a factor of two without any loss in functionality > by ensuring that RST packets are not sent when dropping a connection > from the listen queue. > > Submitted by: Mike Silbersack <silby@silby.com> > Reviewed by: jesper > MFC after: 2 weeks > > Revision Changes Path > 1.131 +15 -2 src/sys/netinet/tcp_input.c -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010607100445.D26609>