From: Nikolay Denev
Date: Mon, 23 Jan 2012 17:01:06 +0200
To: freebsd-net@freebsd.org
Subject: Re: ICMP attacks against TCP and PMTUD
In-Reply-To: <7D135FA9-6503-4263-AE55-5C80F94CDF5A@gmail.com>
References: <4F131A7D.4020006@zonov.org> <733BE6AF-33E0-4C16-A222-B5F5D0519194@gmail.com> <12379405.15603.1326656127893.JavaMail.mobile-sync@vbzh28> <3008402354236887854@unknownmsgid> <7D135FA9-6503-4263-AE55-5C80F94CDF5A@gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

On Jan 20, 2012, at 10:32 AM, Nikolay Denev wrote:

> On Jan 15, 2012, at 9:52 PM, Nikolay Denev wrote:
>
>> On 15.01.2012, at 21:35, Andrey Zonov wrote:
>>
>>> This helped me:
>>> /boot/loader.conf
>>> net.inet.tcp.hostcache.hashsize=65536
>>> net.inet.tcp.hostcache.cachelimit=1966080
>>>
>>> Actually, this is a workaround. As I remember, the real problem is in
>>> tcp_ctlinput(): it could not update the MTU for the destination IP if the hostcache
>>> allocation fails. tcp_hc_updatemtu() should return NULL if
>>> tcp_hc_insert() returns NULL, and tcp_ctlinput() should check this case
>>> and set the updated MTU for this particular connection if
>>> tcp_hc_updatemtu() fails. Otherwise we've got an infinite loop in MTU
>>> discovery.
>>>
>>>
>>> On 15.01.2012 22:59, Nikolay Denev wrote:
>>>>
>>>> % uptime
>>>> 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17
>>>>
>>>> % vmstat -z|grep hostcache
>>>> hostcache:  136, 15372, 15136, 236, 44946965, 10972760
>>>>
>>>>
>>>> Hmm… probably I should increase this….
>>>>
>>>
>>> --
>>> Andrey Zonov
>>
>> Thanks, I will test this asap!
>>
>> Regards,
>> Nikolay
>
> I've upgraded from 7.3-STABLE to 8.2-STABLE and bumped the hostcache tunables significantly.
> So far so good, I'll report back if I see similar traffic spikes.
>

Seems like I have been wrong about these traffic spikes being attacks, and actually the problem seems to be the pmtu infinite loop Andrey described.
I'm now running 8.2-STABLE with hostcache significantly bumped and regularly have more than 20K hostcache entries, which was more than the default limit of 15K I was running with before.
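As an added example (not code from the thread or from FreeBSD), a small sh check that reads the `vmstat -z` hostcache line quoted above, flags the zone when allocations have failed or it is nearly full, and sizes the two loader.conf tunables Andrey posted; it assumes the default bucket limit of 30 entries per hash bucket, which is what relates the thread's 65536/1966080 pair.

```shell
#!/bin/sh
# Added example, not from the thread: parse the vmstat -z "hostcache" zone
# line and decide whether the hostcache limit (rather than an ICMP attack)
# is the likely cause of repeated PMTU discovery. Column order in vmstat -z:
#   ITEM: SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES
# Constructed sample, copied from the thread's own vmstat output:
SAMPLE='hostcache:  136, 15372, 15136, 236, 44946965, 10972760'

# hostcache_check LINE
# Prints "limit=.. used=.. failures=.." and returns 1 when allocations have
# failed or the zone is within 5% of its limit, 0 otherwise.
hostcache_check() {
    # drop the item name and the commas, then split the six numbers
    set -- $(printf '%s\n' "$1" | sed 's/^[^:]*://; s/,/ /g')
    limit=$2; used=$3; fail=$6
    printf 'limit=%s used=%s failures=%s\n' "$limit" "$used" "$fail"
    if [ "$fail" -gt 0 ]; then
        echo "hostcache allocations failed $fail times: MTU updates for new peers are dropped"
        return 1
    fi
    if [ $((used * 100)) -ge $((limit * 95)) ]; then
        echo "hostcache is within 5% of its limit; allocation failures are imminent"
        return 1
    fi
    return 0
}

# suggest_tunables ENTRIES
# Prints loader.conf lines giving room for at least ENTRIES hostcache
# entries. Assumption: the default bucket limit of 30 entries per bucket
# (net.inet.tcp.hostcache.bucketlimit), so cachelimit = hashsize * 30,
# which is how the thread's 65536 / 1966080 pair is related.
suggest_tunables() {
    bucket=30
    hashsize=512   # default hashsize; kept a power of two by doubling
    while [ $((hashsize * bucket)) -lt "$1" ]; do
        hashsize=$((hashsize * 2))
    done
    printf 'net.inet.tcp.hostcache.hashsize=%s\n' "$hashsize"
    printf 'net.inet.tcp.hostcache.cachelimit=%s\n' "$((hashsize * bucket))"
}

# On a live FreeBSD host:  hostcache_check "$(vmstat -z | grep hostcache)"
hostcache_check "$SAMPLE" || suggest_tunables 40000
```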