d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8390e0ce62
freebsd-dev/sys
History
jesper cfd2d3b2c6 Silby's take one on increasing FreeBSD's resistance to SYN floods: 
One way we can reduce the amount of traffic we send in response to a SYN
flood is to eliminate the RST we send when removing a connection from
the listen queue.  Since we are being flooded, we can assume that the
majority of connections in the queue are bogus.  Our RST is unwanted
by these hosts, just as our SYN-ACK was.  Genuine connection attempts
will result in hosts responding to our SYN-ACK with an ACK packet.  We
will automatically return a RST response to their ACK when it gets to us
if the connection has been dropped, so the early RST doesn't serve the
genuine class of connections much.  In summary, we can reduce the number
of packets we send by a factor of two without any loss in functionality
by ensuring that RST packets are not sent when dropping a connection
from the listen queue.

Submitted by:	Mike Silbersack <silby@silby.com>
Reviewed by:	jesper
MFC after:	2 weeks
2001-06-06 19:41:51 +00:00
..
alpha hold the vm_mtx around vm_map_lookup_entry() and vm_map_findspace() 2001-06-06 14:07:52 +00:00
amd64 Don't hold sched_lock across addupc_task(). 2001-06-06 00:57:24 +00:00
arm/include Make _BSD_TIME_T_ (time_t) an int' rather than long'. This will help 2001-05-18 01:43:25 +00:00
boot Remove vestiges of MFS. 2001-06-01 10:07:28 +00:00
cam Sorry, an "ARCHIVE Python 06408" does not need SA_QUIRK_NOCOMP. 2001-06-06 13:01:44 +00:00
coda Now works again and as a module and with devfs. 2001-06-05 19:45:16 +00:00
compat S_IFCHR is not a bit mask, it's just a value in a field. The correct 2001-06-04 03:39:14 +00:00
compile
conf Fixed missing parentheses in the definition of KTR_COMPILE. KTR_COMPILE 2001-06-06 06:58:13 +00:00
contrib Remove old ACPI CA code. These will be drained from the repo at some 2001-05-29 20:22:11 +00:00
crypto Kernel crypto need binary key material, not symbolic ascii. 2001-03-10 13:02:58 +00:00
ddb o Merge contents of struct pcred into struct ucred. Specifically, add the 2001-05-25 16:59:11 +00:00
dev Disable extra TCP/UCP checksum checking in nge_rxeof() for now. 2001-06-06 19:17:10 +00:00
fs The kq write filter was hooked up to the wrong socket, and thus was 2001-06-06 17:38:36 +00:00
geom Polish error handling with biofinish(). 2001-05-08 09:10:27 +00:00
gnu new (gpl licensed) firmware image for cs4280/cs46xx sound chips 2001-05-30 22:28:30 +00:00
i4b Submitted by: Juha-Matti Liukkonen (Cubical Solutions Ltd) (jml@cubical.fi) 2001-05-25 08:43:30 +00:00
i386 Fixed missing parentheses in the definition of KTR_COMPILE. KTR_COMPILE 2001-06-06 06:58:13 +00:00
ia64 Nuke the various poorly maintained copies of ioctl_fd.h. The file is 2001-06-06 06:15:03 +00:00
isa Nuke the various poorly maintained copies of ioctl_fd.h. The file is 2001-06-06 06:15:03 +00:00
isofs/cd9660 - FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file 2001-05-23 09:42:29 +00:00
kern Unbreak setregid(2). 2001-06-06 13:58:03 +00:00
libkern Make the rcsid and FreeBSD IDs more sane in the wcs* and wmem* files. 2001-05-24 08:47:42 +00:00
modules - VFS_SET(msdos) -> VFS_SET(msdosfs) 2001-06-01 10:57:26 +00:00
net When looking for an interface appropriate for the (new or changing) 2001-06-04 14:13:15 +00:00
netatalk Mechanical change to use <sys/queue.h> macro API instead of 2001-02-04 13:13:25 +00:00
netatm Silence some warnings 2001-03-20 10:42:49 +00:00
netgraph Fix a range checking bug in ng_int32_parse which affected 64-bit 2001-05-19 19:36:32 +00:00
netinet Silby's take one on increasing FreeBSD's resistance to SYN floods: 2001-06-06 19:41:51 +00:00
netinet6 Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. 2001-06-01 10:02:28 +00:00
netipx Undo part of the tangle of having sys/lock.h and sys/mutex.h included in 2001-05-01 08:13:21 +00:00
netkey Remove unneeded includes of sys/ipl.h and machine/ipl.h. 2001-05-15 23:22:29 +00:00
netnatm Change a couple of M_WAITOKs used in M_PREPEND() to M_TRYWAITs, which 2001-04-05 04:20:48 +00:00
netncp Use new kernel_sysctlbyname function. Remove private copy. 2001-05-19 05:48:07 +00:00
netns * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
netsmb Back out scanning file descriptors with holding a process lock. 2001-05-15 10:19:57 +00:00
nfs Unlock the process returned from pfind() if it does not return NULL. 2001-06-01 01:30:51 +00:00
nfsclient Unlock the process returned from pfind() if it does not return NULL. 2001-06-01 01:30:51 +00:00
nfsserver Introduce a global lock for the vm subsystem (vm_mtx). 2001-05-19 01:28:09 +00:00
pc98 Nuke the various poorly maintained copies of ioctl_fd.h. The file is 2001-06-06 06:15:03 +00:00
pccard If the chip isn't in power state D0, put it in power state D0. I 2001-06-04 17:14:28 +00:00
pci Fix mindo: 2001-06-05 20:51:17 +00:00
posix4 o Merge contents of struct pcred into struct ucred. Specifically, add the 2001-05-25 16:59:11 +00:00
powerpc Properly wrap mtx_intr_enable() macro in "do $bla while (0)" 2001-06-02 08:17:42 +00:00
rpc Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and 2001-03-19 12:50:13 +00:00
svr4
sys Style and cosmetic cleanups. This driver is now reasonably stlye(9) 2001-06-05 05:00:17 +00:00
tools replace calls to non-existant bail() subroutine with calls to 2001-03-23 11:48:50 +00:00
ufs Add a wrapper for the fifo kqfilter which falls through to the ufs routine. 2001-06-06 17:40:57 +00:00
vm Change the way information about swap devices is exported to be more 2001-06-01 22:53:10 +00:00
Makefile