diff options
author | ps <ps@FreeBSD.org> | 2005-03-09 23:14:10 +0000 |
---|---|---|
committer | ps <ps@FreeBSD.org> | 2005-03-09 23:14:10 +0000 |
commit | f01ea9b62654b444f236eae247140d7e5c0b8f7f (patch) | |
tree | ab09ad543e8cb75a9f79e2b09f9daa21f95311d4 /usr.bin/netstat | |
parent | 6daa7d8d2eae259971e0e1397876bb4411b44f4e (diff) | |
download | FreeBSD-src-f01ea9b62654b444f236eae247140d7e5c0b8f7f.zip FreeBSD-src-f01ea9b62654b444f236eae247140d7e5c0b8f7f.tar.gz |
Add limits on the number of elements in the sack scoreboard both
per-connection and globally. This eliminates potential DoS attacks
where SACK scoreboard elements tie up too much memory.
Submitted by: Raja Mukerji (raja at moselle dot com).
Reviewed by: Mohan Srinivasan (mohans at yahoo-inc dot com).
Diffstat (limited to 'usr.bin/netstat')
-rw-r--r-- | usr.bin/netstat/inet.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index 6590848..bc60fd0 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -464,6 +464,7 @@ tcp_stats(u_long off __unused, const char *name, int af1 __unused) p(tcps_sack_rcv_blocks, "\t%lu SACK option%s (SACK blocks) received\n"); p(tcps_sack_send_blocks, "\t%lu SACK option%s (SACK blocks) sent\n"); + p1a(tcps_sack_sboverflow, "\t%lu SACK scoreboard overflow\n"); #undef p #undef p1a |