| Commit message (Collapse) | Author | Age | Files | Lines |
|
results in the syncache entry being turned into a socket. While it's
not used in the main tree, this is required in the MAC tree so that
labels can be propagated from the mbuf to the socket. This is also
useful if you're doing things like transparent IP connection hijacking
and you want to use the syncache/cookie mechanism, but we won't go
there.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
malloc(9) and vm_zone with a slab like allocator.
Reviewed by: arch@
|
- When making a pcb from a sync cache, do not forget to copy inc_isipv6.
Obtained from: KAME
MFC After: 1 week
|
from the current listen socket instead of the cached (and possibly stale)
TCB pointer.
|
update our lazy reference to the inpcb structure, as it may have changed.
Found by: dima
|
this is a low-functionality change that changes the kernel to access the main
thread of a process via the linked list of threads rather than
assuming that it is embedded in the process. It IS still embedded there
but remove all the code that assumes that in preparation for the next commit
which will actually move it out.
Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
|
Submitted by: emy@boostworks.com
|
arc4random() routine to generate ISNs instead of creating them with MD5().
Suggested by: silby
|
(instead of int) to keep the 64 bit platforms happy.
|
All TCP ISNs that are sent out are valid cookies, which allows entries
in the syncache to be dropped and still have the ACK accepted later.
As all entries pass through the syncache, there is no sudden switchover
from cache -> cookies when the cache is full; instead, syncache entries
simply have a reduced lifetime. More details may be found in the
"Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002
conference proceedings.
Sponsored by: DARPA, NAI Labs
|
is initialized in case we take the T/TCP path.
|
receiver was not sending an immediate ack with delayed acks turned on
when the input buffer is drained, preventing the transmitter from
restarting immediately.
Propagate the TCP_NODELAY option to accept()ed sockets. (Helps tbench and
is a good idea anyway).
Some cleanup. Identify additional issues in comments.
MFC after: 1 day
|
fixes route breakage due to uncleared garbage on my box.
|
to be followed by nfsnodehashtbl, so bzeroing callouts beyond the end of
tcp_syncache soon caused a null pointer panic when nfsnodehashtbl was
accessed.
|
DoS in an improved fashion over the existing code.
Reviewed by: silby (in a previous iteration)
Sponsored by: DARPA, NAI Labs
|