freebsd-nq/sys/netinet
Jonathan T. Looney 0b18fb0798 Add new functionality to switch to using cookies exclusively when the
syn cache overflows. Whether this is due to an attack or due to the system
having more legitimate connections than the syn cache can hold, this
situation can quickly impact performance.

To make the system perform better during these periods, the code will now
switch to exclusively using cookies until the syn cache stops overflowing.
In order for this to occur, the system must be configured to use the syn
cache with syn cookie fallback. If syn cookies are completely disabled,
this change should have no functional impact.

When the system is exclusively using syn cookies (either due to
configuration or the overflow detection enabled by this change), the
code will now skip acquiring a lock on the syn cache bucket. Additionally,
the code will now skip lookups in several places (such as when the system
receives a RST in response to a SYN|ACK frame).

Reviewed by:	rrs, gallatin (previous version)
Discussed with:	tuexen
Sponsored by:	Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D21644
2019-09-26 15:18:57 +00:00
..
cc When performing after_idle() or post_recovery(), don't disable the 2019-07-29 09:19:48 +00:00
khelp sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
libalias Separate kernel crc32() implementation to its own header (gsb_crc32.h) and 2019-06-17 19:49:08 +00:00
netdump Fix netdump buffering after r348473. 2019-08-19 16:29:51 +00:00
tcp_stacks lets put (void) in a couple of functions to keep older platforms that 2019-09-24 20:36:43 +00:00
accf_data.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
accf_dns.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
accf_http.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
icmp6.h Initial implementation of draft-ietf-6man-ipv6only-flag. 2018-10-30 20:08:48 +00:00
icmp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
if_ether.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
if_ether.h Retire arpresolve_addr(), which is not used anywhere, from if_ether.c. 2018-11-17 16:08:36 +00:00
igmp_var.h Separate list manipulation locking from state change in multicast 2018-05-02 19:36:29 +00:00
igmp.c Mechanical cleanup of epoch(9) usage in network stack. 2019-01-09 01:11:19 +00:00
igmp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
in_cksum.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
in_debug.c CK: update consumers to use CK macros across the board 2018-05-24 23:21:23 +00:00
in_fib.c Existence of PCB route caching doesn't allow us to use new fast route 2019-05-08 23:39:24 +00:00
in_fib.h Existence of PCB route caching doesn't allow us to use new fast route 2019-05-08 23:39:24 +00:00
in_gif.c Add the check that current VNET is ready and access to srchash is allowed. 2018-10-23 13:11:45 +00:00
in_jail.c Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
in_kdtrace.c Define sctp probes only when SCTP is configured. 2018-09-06 14:15:03 +00:00
in_kdtrace.h Add support for send, receive and state-change DTrace providers for 2018-08-22 21:23:32 +00:00
in_mcast.c Convert all IPv4 and IPv6 multicast memberships into using a STAILQ 2019-06-25 11:54:41 +00:00
in_pcb.c Fix !INET build. 2019-08-02 22:43:09 +00:00
in_pcb.h IPv6 cleanup: kernel 2019-08-02 07:41:36 +00:00
in_pcbgroup.c Fix PCBGROUPS build post CK conversion of pcbinfo 2018-06-13 23:19:54 +00:00
in_prot.c Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
in_proto.c Remove empty encap_init() function. 2018-05-29 12:32:08 +00:00
in_rmx.c
in_rss.c
in_rss.h
in_systm.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
in_var.h Convert all IPv4 and IPv6 multicast memberships into using a STAILQ 2019-06-25 11:54:41 +00:00
in.c Use IN_foo() macros from sys/netinet/in.h in place of handcrafted code 2019-04-04 19:01:13 +00:00
in.h Rename IPPROTO 33 from SEP to DCCP 2019-08-08 11:43:09 +00:00
ip6.h carp: Set DSCP value CS7 2018-07-01 08:37:07 +00:00
ip_carp.c Convert all IPv4 and IPv6 multicast memberships into using a STAILQ 2019-06-25 11:54:41 +00:00
ip_carp.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_divert.c Make second argument of ip_divert(), that specifies packet direction a bool. 2019-03-14 22:23:09 +00:00
ip_divert.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_dummynet.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ip_ecn.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip_ecn.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip_encap.c Include <sys/eventhandler.h> to fix the build. 2018-10-21 18:39:34 +00:00
ip_encap.h Add KPI that can be used by tunneling interfaces to handle IP addresses 2018-10-21 17:55:26 +00:00
ip_fastfwd.c New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
ip_fw.h Add "tcpmss" opcode to match the TCP MSS value. 2019-06-21 10:54:51 +00:00
ip_gre.c Add GRE-in-UDP encapsulation support as defined in RFC8086. 2019-04-24 09:05:45 +00:00
ip_icmp.c Add CTLFLAG_VNET to the net.inet.icmp.tstamprepl definition. 2019-03-26 22:14:50 +00:00
ip_icmp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip_id.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
ip_input.c Use IN_foo() macros from sys/netinet/in.h in place of handcrafted code 2019-04-04 19:01:13 +00:00
ip_mroute.c Convert all IPv4 and IPv6 multicast memberships into using a STAILQ 2019-06-25 11:54:41 +00:00
ip_mroute.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip_options.c Mechanical cleanup of epoch(9) usage in network stack. 2019-01-09 01:11:19 +00:00
ip_options.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ip_output.c This commit adds BBR (Bottleneck Bandwidth and RTT) congestion control. This 2019-09-24 18:18:11 +00:00
ip_reass.c Revert r346530 until further. 2019-04-22 19:36:19 +00:00
ip_var.h This commit adds BBR (Bottleneck Bandwidth and RTT) congestion control. This 2019-09-24 18:18:11 +00:00
ip.h carp: Set DSCP value CS7 2018-07-01 08:37:07 +00:00
pim_var.h Rework IP encapsulation handling code. 2018-06-05 20:51:01 +00:00
pim.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
raw_ip.c When sending IPv4 packets on a SOCK_RAW socket using the IP_HDRINCL option, 2019-04-13 10:47:47 +00:00
sctp_asconf.c Fix the handling of invalid parameters in ASCONF chunks. 2019-09-20 08:20:20 +00:00
sctp_asconf.h Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
sctp_auth.c Only allow a SCTP-AUTH shared key to be updated by the application 2019-09-17 09:46:42 +00:00
sctp_auth.h Remove unused code. 2018-09-18 10:53:07 +00:00
sctp_bsd_addr.c Mechanical cleanup of epoch(9) usage in network stack. 2019-01-09 01:11:19 +00:00
sctp_bsd_addr.h Revert https://svnweb.freebsd.org/changeset/base/336503 2018-07-19 20:11:14 +00:00
sctp_cc_functions.c Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
sctp_constants.h Limit the user-controllable amount of memory the kernel allocates 2019-01-16 11:33:47 +00:00
sctp_crc32.c When the IP layer calls back into the SCTP layer to perform the SCTP 2019-09-15 18:29:45 +00:00
sctp_crc32.h When adding support for sending SCTP packets containing an ABORT chunk 2017-12-26 12:35:02 +00:00
sctp_dtrace_declare.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
sctp_dtrace_define.h Add support for send, receive and state-change DTrace providers for 2018-08-22 21:23:32 +00:00
sctp_header.h Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
sctp_indata.c Plumb a memory leak. 2019-09-24 13:15:24 +00:00
sctp_indata.h Fix initialization of top_fsn. 2019-09-01 10:39:16 +00:00
sctp_input.c Don't hold the info lock when calling sctp_select_a_tag(). 2019-09-22 11:11:01 +00:00
sctp_input.h Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
sctp_lock_bsd.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
sctp_os_bsd.h Improve consistency. No functional change. 2019-08-05 13:22:15 +00:00
sctp_os.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
sctp_output.c Improve the handling of state cookie parameters in INIT-ACK chunks. 2019-09-01 10:09:53 +00:00
sctp_output.h Improve the handling of state cookie parameters in INIT-ACK chunks. 2019-09-01 10:09:53 +00:00
sctp_pcb.c Improve function definition. 2019-08-31 13:13:40 +00:00
sctp_pcb.h IPv6 cleanup: kernel 2019-08-02 07:41:36 +00:00
sctp_peeloff.c Use the stacb instead of the asoc in state macros. 2018-08-13 13:58:45 +00:00
sctp_peeloff.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
sctp_ss_functions.c Initialize scheduler specific data for the FCFS scheduler. 2019-03-25 16:40:54 +00:00
sctp_structs.h Fix build issue for the userland stack. 2019-03-24 12:13:05 +00:00
sctp_syscalls.c netinet silence warnings 2018-05-19 05:56:21 +00:00
sctp_sysctl.c Plug some networking sysctl leaks. 2018-11-22 20:49:41 +00:00
sctp_sysctl.h Add initial descriptions for SCTP related MIB variable. 2018-10-26 21:04:17 +00:00
sctp_timer.c Refactor the SHUTDOWN_PENDING state handling. 2018-08-21 13:25:32 +00:00
sctp_timer.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
sctp_uio.h Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
sctp_usrreq.c Fix a locking issue in sctp_accept. 2019-08-06 10:29:19 +00:00
sctp_var.h Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
sctp.h Limit the size of messages sent on 1-to-many style SCTP sockets with the 2019-03-23 22:56:03 +00:00
sctputil.c Cleanup the RTO calculation and perform some consistency checks 2019-09-22 10:40:15 +00:00
sctputil.h Cleanup the RTO calculation and perform some consistency checks 2019-09-22 10:40:15 +00:00
siftr.c Repair siftr(4): PFIL_IN and PFIL_OUT are defines of some value, relying 2019-02-01 08:10:26 +00:00
tcp_debug.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
tcp_debug.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
tcp_fastopen.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
tcp_fastopen.h Greatly reduce the number of #ifdefs supporting the TCP_RFC7413 kernel option. 2018-02-26 03:03:41 +00:00
tcp_fsm.h Revert r334843, and partially revert r335180. 2018-06-23 06:53:53 +00:00
tcp_hostcache.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
tcp_hostcache.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
tcp_hpts.c This commit updates rack to what is basically being used at NF as 2019-07-10 20:40:39 +00:00
tcp_hpts.h This commit updates rack to what is basically being used at NF as 2019-07-10 20:40:39 +00:00
tcp_input.c Only update SACK/DSACK lists when a non-empty segment was received. 2019-09-09 16:07:47 +00:00
tcp_log_buf.c Fix a small bug in the tcp_log_id where the bucket 2019-04-10 18:58:11 +00:00
tcp_log_buf.h This commit updates rack to what is basically being used at NF as 2019-07-10 20:40:39 +00:00
tcp_lro.c Fix build after r351934 2019-09-06 18:33:39 +00:00
tcp_lro.h This adds the final tweaks to LRO that will now allow me 2019-09-06 14:25:41 +00:00
tcp_offload.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
tcp_offload.h Add a hook to allow the toedev handling an offloaded connection to 2018-04-03 01:08:54 +00:00
tcp_output.c Initialize if_hw_tsomaxsegsize to 0 to appease gcc's flow analysis as a 2019-09-06 18:25:42 +00:00
tcp_pcap.c Add an external mbuf buffer type that holds multiple unmapped pages. 2019-06-29 00:48:33 +00:00
tcp_pcap.h
tcp_ratelimit.c With the recent commit of ktls, we no longer have a 2019-09-11 15:41:36 +00:00
tcp_ratelimit.h Fix the ifdefs in tcp_ratelimit.h. They were reversed so 2019-09-24 20:04:31 +00:00
tcp_reass.c This patch addresses an issue brought up by bz@ in D18968: 2019-02-21 09:34:47 +00:00
tcp_sack.c Don't write to memory outside of the allocated array for SACK blocks. 2019-09-16 08:18:05 +00:00
tcp_seq.h r330675 introduced an extra window check in the LRO code to ensure it 2018-04-03 13:54:38 +00:00
tcp_subr.c This adds in the missing counter initialization which 2019-09-06 18:29:48 +00:00
tcp_syncache.c Add new functionality to switch to using cookies exclusively when we the 2019-09-26 15:18:57 +00:00
tcp_syncache.h Add new functionality to switch to using cookies exclusively when we the 2019-09-26 15:18:57 +00:00
tcp_timer.c Add sysctl variable net.inet.tcp.rexmit_initial for setting RTO.Initial 2019-03-23 21:36:59 +00:00
tcp_timer.h Add sysctl variable net.inet.tcp.rexmit_initial for setting RTO.Initial 2019-03-23 21:36:59 +00:00
tcp_timewait.c Fix a byte ordering issue for the advertised receiver window in ACK 2019-02-15 09:45:17 +00:00
tcp_usrreq.c Add kernel-side support for in-kernel TLS. 2019-08-27 00:01:56 +00:00
tcp_var.h This adds in the missing counter initialization which 2019-09-06 18:29:48 +00:00
tcp.h This commit adds BBR (Bottleneck Bandwidth and RTT) congestion control. This 2019-09-24 18:18:11 +00:00
tcpip.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
toecore.c Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
toecore.h Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
udp_usrreq.c After parts of the locking fixes in r346595, syzkaller found 2019-06-01 14:57:42 +00:00
udp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
udp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
udplite.h Add a dtrace provider for UDP-Lite. 2018-07-31 22:56:03 +00:00