d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
50f5d13eeb
freebsd-dev/sys/security
History
Gleb Smirnoff 08d9c92027 tcp_input/syncache: acquire only read lock on PCB for SYN,!ACK packets 
When packet is a SYN packet, we don't need to modify any existing PCB.
Normally SYN arrives on a listening socket, we either create a syncache
entry or generate syncookie, but we don't modify anything with the
listening socket or associated PCB. Thus create a new PCB lookup
mode - rlock if listening. This removes the primary contention point
under SYN flood - the listening socket PCB.

Sidenote: when SYN arrives on a synchronized connection, we still
don't need write access to PCB to send a challenge ACK or just to
drop. There is only one exclusion - tcptw recycling. However,
existing entanglement of tcp_input + stacks doesn't allow to make
this change small. Consider this patch as first approach to the problem.

Reviewed by:	rrs
Differential revision:	https://reviews.freebsd.org/D29576
2021-04-12 08:25:31 -07:00
..
audit close_range: add audit support 2021-02-23 17:47:07 +00:00
mac tcp_input/syncache: acquire only read lock on PCB for SYN,!ACK packets 2021-04-12 08:25:31 -07:00
mac_biba
mac_bsdextended
mac_ifoff
mac_lomac
mac_mls
mac_none
mac_ntpd
mac_partition
mac_portacl
mac_seeotheruids
mac_stub
mac_test
mac_veriexec Convert remaining cap_rights_init users to cap_rights_init_one 2021-01-12 13:16:10 +00:00
mac_veriexec_parser