Add limits on the number of elements in the sack scoreboard both

per-connection and globally. This eliminates potential DoS attacks where SACK scoreboard elements tie up too much memory. Submitted by: Raja Mukerji (raja at moselle dot com). Reviewed by: Mohan Srinivasan (mohans at yahoo-inc dot com).
author: ps <ps@FreeBSD.org> 2005-03-09 23:14:10 +0000
committer: ps <ps@FreeBSD.org> 2005-03-09 23:14:10 +0000
commit: f01ea9b62654b444f236eae247140d7e5c0b8f7f (patch)
tree: ab09ad543e8cb75a9f79e2b09f9daa21f95311d4 /usr.bin/netstat
parent: 6daa7d8d2eae259971e0e1397876bb4411b44f4e (diff)
download: FreeBSD-src-f01ea9b62654b444f236eae247140d7e5c0b8f7f.zip
FreeBSD-src-f01ea9b62654b444f236eae247140d7e5c0b8f7f.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c
index 6590848..bc60fd0 100644
--- a/usr.bin/netstat/inet.c
+++ b/usr.bin/netstat/inet.c
@@ -464,6 +464,7 @@ tcp_stats(u_long off __unused, const char *name, int af1 __unused)
 	p(tcps_sack_rcv_blocks,
 		"\t%lu SACK option%s (SACK blocks) received\n"); 
 	p(tcps_sack_send_blocks, "\t%lu SACK option%s (SACK blocks) sent\n"); 
+	p1a(tcps_sack_sboverflow, "\t%lu SACK scoreboard overflow\n"); 
 
 #undef p
 #undef p1a
author	ps <ps@FreeBSD.org>	2005-03-09 23:14:10 +0000
committer	ps <ps@FreeBSD.org>	2005-03-09 23:14:10 +0000
commit	f01ea9b62654b444f236eae247140d7e5c0b8f7f (patch)
tree	ab09ad543e8cb75a9f79e2b09f9daa21f95311d4 /usr.bin/netstat
parent	6daa7d8d2eae259971e0e1397876bb4411b44f4e (diff)
download	FreeBSD-src-f01ea9b62654b444f236eae247140d7e5c0b8f7f.zip FreeBSD-src-f01ea9b62654b444f236eae247140d7e5c0b8f7f.tar.gz