Date: Thu, 7 Jun 2001 10:04:45 +0300
From: Ruslan Ermilov
To: Jesper Skriver
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet tcp_input.c
Message-ID: <20010607100445.D26609@sunbay.com>
In-Reply-To: <200106061941.f56Jfqf74472@freefall.freebsd.org>; from jesper@FreeBSD.org on Wed, Jun 06, 2001 at 12:41:52PM -0700

Cool! I like these 13 lines of comments and 1 line of changed code. :-)

On Wed, Jun 06, 2001 at 12:41:52PM -0700, Jesper Skriver wrote:
> jesper 2001/06/06 12:41:52 PDT
>
> Modified files:
> sys/netinet tcp_input.c
> Log:
> Silby's take one on increasing FreeBSD's resistance to SYN floods:
>
> One way we can reduce the amount of traffic we send in response to a SYN
> flood is to eliminate the RST we send when removing a connection from
> the listen queue. Since we are being flooded, we can assume that the
> majority of connections in the queue are bogus. Our RST is unwanted
> by these hosts, just as our SYN-ACK was. Genuine connection attempts
> will result in hosts responding to our SYN-ACK with an ACK packet. We
> will automatically return a RST response to their ACK when it gets to us
> if the connection has been dropped, so the early RST doesn't serve the
> genuine class of connections much. In summary, we can reduce the number
> of packets we send by a factor of two without any loss in functionality
> by ensuring that RST packets are not sent when dropping a connection
> from the listen queue.
>
> Submitted by: Mike Silbersack
> Reviewed by: jesper
> MFC after: 2 weeks
>
> Revision Changes Path
> 1.131 +15 -2 src/sys/netinet/tcp_input.c

-- 
Ruslan Ermilov Oracle Developer/DBA,
ru@sunbay.com Sunbay Software AG,
ru@FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine

http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
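
Added example, not part of the original message and not FreeBSD source code: a toy C model of the argument in the quoted commit log. It counts the packets a listener sends during a SYN flood with and without the RST on listen-queue drop, and shows that a genuine peer whose entry was dropped still gets a RST in reply to its late ACK. The queue depth, oldest-first eviction, peer ids and all names are assumptions of the model.

```c
#include <stdio.h>
#include <stdint.h>

#define QLEN 128                 /* assumed listen-queue depth for this model */

struct listener {
    uint32_t q[QLEN];            /* peer ids of half-open entries, FIFO; 0 = completed */
    unsigned head, count;
    int rst_on_drop;             /* 1 = RST sent when an entry is dropped, 0 = no RST on drop */
    unsigned long synack_out, rst_out;
};

/* Incoming SYN: if the queue is full drop the oldest entry (assumed policy),
 * then queue the new peer and answer with a SYN-ACK. */
static void on_syn(struct listener *l, uint32_t peer) {
    if (l->count == QLEN) {
        uint32_t old = l->q[l->head];
        l->head = (l->head + 1) % QLEN;
        l->count--;
        if (old != 0 && l->rst_on_drop)
            l->rst_out++;        /* the early RST the commit log argues against */
    }
    l->q[(l->head + l->count++) % QLEN] = peer;
    l->synack_out++;
}

/* Incoming ACK: returns 1 if it completes a queued handshake; otherwise the
 * entry is gone, so the listener answers with a RST and returns 0. */
static int on_ack(struct listener *l, uint32_t peer) {
    for (unsigned i = 0; i < l->count; i++) {
        unsigned idx = (l->head + i) % QLEN;
        if (l->q[idx] == peer) { l->q[idx] = 0; return 1; }
    }
    l->rst_out++;
    return 0;
}

/* One genuine SYN (peer id 1), `flood` SYNs from sources that never reply,
 * then the genuine peer's late ACK. Returns total packets the listener sent. */
static unsigned long run(int rst_on_drop, unsigned flood, int *established) {
    struct listener l = { .rst_on_drop = rst_on_drop };
    on_syn(&l, 1);
    for (unsigned i = 0; i < flood; i++)
        on_syn(&l, 1000 + i);    /* constructed peer ids */
    *established = on_ack(&l, 1);
    return l.synack_out + l.rst_out;
}

int main(void) {
    int est;
    printf("with RST on drop: %lu packets\n", run(1, 100000, &est));
    printf("without:          %lu packets\n", run(0, 100000, &est));
    return 0;
}
```
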