Date: Sun, 15 Jan 2012 21:52:51 +0200 From: Nikolay Denev <ndenev@gmail.com> To: Andrey Zonov <andrey@zonov.org> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: ICMP attacks against TCP and PMTUD Message-ID: <3008402354236887854@unknownmsgid> In-Reply-To: <12379405.15603.1326656127893.JavaMail.mobile-sync@vbzh28> References: <EE6495BD-38D0-4EBE-9A94-7C40DC69F820@gmail.com> <4F131A7D.4020006@zonov.org> <733BE6AF-33E0-4C16-A222-B5F5D0519194@gmail.com> <12379405.15603.1326656127893.JavaMail.mobile-sync@vbzh28>
next in thread | previous in thread | raw e-mail | index | archive | help
On 15.01.2012, at 21:35, Andrey Zonov <andrey@zonov.org> wrote: > This helped me: > /boot/loader.conf > net.inet.tcp.hostcache.hashsizee536 > net.inet.tcp.hostcache.cachelimit=1966080 > > Actually, this is a workaround. As I remember, real problem is in > tcp_ctlinput(), it could not update MTU for destination IP if hostcache > allocation fails. tcp_hc_updatemtu() should returns NULL if > tcp_hc_insert() returns NULL and tcp_ctlinput() should check this case > and sets updated MTU for this particular connection if > tcp_hc_updatemtu() fails. Otherwise we've got infinite loop in MTU > discovery. > > > On 15.01.2012 22:59, Nikolay Denev wrote: >> >> % uptime >> 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17 >> >> % vmstat -z|grep hostcache >> hostcache: 136, 15372, 15136, 236, 44946965, 1= 0972760 >> >> >> Hmm=85 probably I should increase this=85. >> > > -- > Andrey Zonov Thanks, I will test this asap! Regards, Nikolay
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3008402354236887854>