From owner-freebsd-current  Sun Oct 13 11:37:39 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id LAA29921
          for current-outgoing; Sun, 13 Oct 1996 11:37:39 -0700 (PDT)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA29916
          for <current@freebsd.org>; Sun, 13 Oct 1996 11:37:36 -0700 (PDT)
Received: from mailbox.mcs.com (Mailbox.mcs.com [192.160.127.87]) by Kitten.mcs.com (8.8.0/8.8.Beta.3) with SMTP id NAA18572 for <current@freebsd.org>; Sun, 13 Oct 1996 13:37:35 -0500 (CDT)
Received: by mailbox.mcs.com (/\==/\ Smail3.1.28.1 #28.15)
	id <m0vCVPr-000D5HC@mailbox.mcs.com>; Sun, 13 Oct 96 13:37 CDT
Received: (from karl@localhost) by Jupiter.Mcs.Net (8.8.Beta.6/8.8.Beta.3) id NAA25616 for current@freebsd.org; Sun, 13 Oct 1996 13:37:34 -0500 (CDT)
From: Karl Denninger  <karl@Mcs.Net>
Message-Id: <199610131837.NAA25616@Jupiter.Mcs.Net>
Subject: Patch which I installed for the SYN-flood related crashes
To: current@freebsd.org
Date: Sun, 13 Oct 1996 13:37:34 -0500 (CDT)
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Note that we have now been running with this for almost 2 full days.

No panics.

The fix we are using is as follows:

~line 416 in tcp_input.c:

                        if (so2 == 0) {
                                tcpstat.tcps_listendrop++;
                                so2 = sodropablereq(so);
                                if (so2) {
                                    sofree(so2);        /* Free Socket */
                                    so2 = sonewconn(so, 0);
                                    if (!so2)           /* Can't happen? */
                                        goto drop;
                                } else { 
                                    goto drop;
                                }
                        }

This appears to have no bad side effects (no mbufs being stuck, no memory 
leaks which we can discern, etc.)

And it DOES appear to fix the problem.

We're going to grab the new committed stuff and compare it -- I 
understand another fix was committed in the last few days - but the fix
above definitely appears to be effective.

--
--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1 from $600 monthly; speeds to DS-3 available
			     | 23 Chicagoland Prefixes, 13 ISDN, much more
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax:   [+1 312 248-9865]     | Home of Chicago's only FULL Clarinet feed!