freebsd-dev/sys/netinet
Jonathan Lemon a9c9684163 Extend the SYN DoS defense by adding syncookies to the syncache.
All TCP ISNs that are sent out are valid cookies, which allows entries
in the syncache to be dropped and still have the ACK accepted later.
As all entries pass through the syncache, there is no sudden switchover
from cache -> cookies when the cache is full; instead, syncache entries
simply have a reduced lifetime.  More details may be found in the
"Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002
conference proceedings.

Sponsored by: DARPA, NAI Labs
2001-12-19 06:12:14 +00:00
..
libalias Fixed the bug in transparent TCP proxying with the "encode_ip_hdr" 2001-12-18 16:13:45 +00:00
accf_data.c
accf_http.c
icmp6.h
icmp_var.h whitespace fixes. 2001-12-14 19:32:47 +00:00
if_atm.c
if_atm.h
if_ether.c Minor style fix. 2001-12-13 04:01:01 +00:00
if_ether.h
if_fddi.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_gif.c
in_gif.h
in_pcb.c Minor style fixes. 2001-12-13 04:01:23 +00:00
in_pcb.h Add include of net/route.h, as structures moved around due to the 2001-11-27 17:36:39 +00:00
in_proto.c
in_rmx.c
in_systm.h
in_var.h
in.c During SIOCAIFADDR, if in_ifinit() fails and we've already added an 2001-11-30 14:00:55 +00:00
in.h o Stop abusing MD headers with non-MD types. 2001-12-01 03:43:01 +00:00
ip6.h
ip_divert.c Update to C99, s/__FUNCTION__/__func__/, 2001-12-10 08:09:49 +00:00
ip_dummynet.c MFS: sync the ipfw/dummynet/bridge code with the one recently merged 2001-11-04 22:56:25 +00:00
ip_dummynet.h MFS: sync the ipfw/dummynet/bridge code with the one recently merged 2001-11-04 22:56:25 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_flow.c s/FREE/free/ 2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw.c minor whitespace fixes. 2001-12-14 19:32:00 +00:00
ip_fw.h MFS: sync the ipfw/dummynet/bridge code with the one recently merged 2001-11-04 22:56:25 +00:00
ip_icmp.c whitespace fixes. 2001-12-14 19:32:47 +00:00
ip_icmp.h
ip_id.c
ip_input.c minor style and whitespace fixes. 2001-12-14 19:33:29 +00:00
ip_mroute.c Allow for ip_output() to be called with a NULL route pointer. 2001-12-01 13:48:16 +00:00
ip_mroute.h
ip_output.c whitespace and style fixes recovered from -stable. 2001-12-14 19:34:11 +00:00
ip_var.h - Make ip_rtaddr() global, and use it to look up the correct source 2001-11-30 10:40:28 +00:00
ip.h o Add IPOPT_ESO for the 'Extended Security' IP option (RFC1108) 2001-12-14 19:37:32 +00:00
ipprotosw.h
raw_ip.c Restore the ability to use IP_FW_ADD with setsockopt(2) that got 2001-11-26 10:05:58 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c Fix up tabs in comments. 2001-12-13 04:02:09 +00:00
tcp_output.c Reduce the local network slowstart flightsize from infinity to 4 packets. 2001-12-14 18:26:52 +00:00
tcp_reass.c Fix up tabs in comments. 2001-12-13 04:02:09 +00:00
tcp_seq.h Move initialization of snd_recover into tcp_sendseqinit(). 2001-11-21 18:45:51 +00:00
tcp_subr.c Introduce a syncache, which enables FreeBSD to withstand a SYN flood 2001-11-22 04:50:44 +00:00
tcp_syncache.c Extend the SYN DoS defense by adding syncookies to the syncache. 2001-12-19 06:12:14 +00:00
tcp_timer.c o Our current userland boot code (due to rc.conf and rc.network) always 2001-12-07 17:01:28 +00:00
tcp_timer.h
tcp_timewait.c Introduce a syncache, which enables FreeBSD to withstand a SYN flood 2001-11-22 04:50:44 +00:00
tcp_usrreq.c Introduce a syncache, which enables FreeBSD to withstand a SYN flood 2001-11-22 04:50:44 +00:00
tcp_var.h Fix a bug with transmitter restart after receiving a 0 window. The 2001-12-02 08:49:29 +00:00
tcp.h
tcpip.h
udp_usrreq.c o Replace reference to 'struct proc' with 'struct thread' in 'struct 2001-11-08 02:13:18 +00:00
udp_var.h
udp.h