d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/netinet
History
Randall Stewart 97e28f0f58 tcp: Rack ack war with a mis-behaving firewall or nat with resets. 
Previously we added ack-war prevention for misbehaving firewalls. This is
where the f/w or nat messes up its sequence numbers and causes an ack-war.
There is yet another type of ack war that we have found in the wild that is
like unto this. Basically the f/w or nat gets a ack (keep-alive probe or such)
and instead of turning the ack/seq around and adding a TH_RST it does something
real stupid and sends a new packet with seq=0. This of course triggers the challenge
ack in the reset processing which then sends in a challenge ack (if the seq=0 is within
the range of possible sequence numbers allowed by the challenge) and then we rinse-repeat.

This will add the needed tweaks (similar to the last ack-war prevention using the same sysctls and counters)
to prevent it and allow say 5 per second by default.

Reviewed by: Michael Tuexen
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D32938
2021-11-17 09:45:51 -05:00
..
cc
tcp: Ensure that vnets have an initialized V_default_cc_ptr
2021-11-12 12:18:12 -07:00
khelp
libalias
Fix fragmented UDP packets handling since rev.360967.
2021-10-15 16:48:12 -07:00
netdump
netdump: send key before dump, in case dump fails
2021-08-11 10:54:56 -05:00
tcp_stacks
tcp: Rack ack war with a mis-behaving firewall or nat with resets.
2021-11-17 09:45:51 -05:00
accf_data.c
Define a module version for accept filter modules.
2020-05-19 18:35:08 +00:00
accf_dns.c
Define a module version for accept filter modules.
2020-05-19 18:35:08 +00:00
accf_http.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
dccp.h
Add header definition for RFC4340, Datagram Congestion Control Protocol
2020-06-17 13:27:13 +00:00
icmp6.h
icmp6: Count packets dropped due to an invalid hop limit
2020-10-19 17:07:19 +00:00
icmp_var.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
if_ether.c
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
if_ether.h
igmp_var.h
igmp: convert igmpstat to use PCPU counters
2020-11-08 18:49:23 +00:00
igmp.c
Remove in_ifaddr_lock acquisiton to access in_ifaddrhead.
2021-10-13 10:04:46 -07:00
igmp.h
in_cksum.c
in_debug.c
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
in_fib_algo.c
Fix IPv4 fib bsearch4() lookup array construction.
2021-01-17 20:32:26 +00:00
in_fib_dxr.c
[fib_algo][dxr] Retire counters which are no longer used
2021-10-09 13:47:10 +02:00
in_fib.c
Fix some common typos in comments
2021-08-08 10:16:06 +02:00
in_fib.h
Refactor fib4/fib6 functions.
2020-11-29 13:41:49 +00:00
in_gif.c
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
in_jail.c
in_kdtrace.c
in_kdtrace.h
in_mcast.c
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
in_pcb_var.h
Add in_pcb_var.h for KPIs that are private to in_pcb.c and in6_pcb.c.
2021-10-18 10:19:57 -07:00
in_pcb.c
net: Allow binding of unspecified address without address existance
2021-10-20 19:25:51 -04:00
in_pcb.h
Add in_pcb_var.h for KPIs that are private to in_pcb.c and in6_pcb.c.
2021-10-18 10:19:57 -07:00
in_pcbgroup.c
inet(3): Fix a few common typos in source code comments
2021-08-28 18:53:02 +02:00
in_prot.c
in_proto.c
capsicum: Limit socket operations in capability mode
2021-04-07 14:32:56 -04:00
in_rmx.c
Refactor rib iterator functions.
2020-11-22 20:21:10 +00:00
in_rss.c
Implement flowid calculation for outbound connections to balance
2020-10-18 17:15:47 +00:00
in_rss.h
Implement flowid calculation for outbound connections to balance
2020-10-18 17:15:47 +00:00
in_systm.h
in_var.h
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
in.c
kernel: partially revert e9efb1125a15, default inet mask
2021-11-14 14:12:25 -06:00
in.h
Add in_localip_fib(), in6_localip_fib().
2021-11-12 08:59:42 -08:00
ip6.h
net: Introduce IPV6_DSCP(), IPV6_ECN() and IPV6_TRAFFIC_CLASS() macros
2021-03-04 20:56:48 +01:00
ip_carp.c
carp: deal with negative net.inet.carp.demotion
2021-11-01 17:08:23 +01:00
ip_carp.h
ip_divert.c
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
2021-11-16 13:38:09 -05:00
ip_divert.h
ip_dummynet.h
ipfw: use unsigned int for dummynet bandwidth
2021-08-19 10:48:53 +02:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c
routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549).
2021-08-22 22:56:08 +00:00
ip_fw.h
Allow setting alias port ranges in libalias and ipfw. This will allow a system
2021-02-02 13:24:17 -08:00
ip_gre.c
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
ip_icmp.c
Use network epoch to protect local IPv4 addresses hash.
2021-10-22 14:40:53 -07:00
ip_icmp.h
ip_id.c
ip_input.c
Add net.inet.ip.source_address_validation
2021-11-12 09:00:33 -08:00
ip_mroute.c
mroute: add missing WUNLOCK
2021-10-28 07:12:23 +02:00
ip_mroute.h
ip_mroute: rework ip_mroute
2021-05-31 05:48:15 +02:00
ip_options.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
ip_options.h
ip_output.c
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
2021-11-16 13:38:09 -05:00
ip_reass.c
ip_reass: do less work in ipreass_slowtimo if possible
2021-08-14 18:50:12 +02:00
ip_var.h
An earlier commit effectively turned out the fast forwading path
2020-11-12 21:58:47 +00:00
ip.h
pim_var.h
pim.h
raw_ip.c
Remove in_ifaddr_lock acquisiton to access in_ifaddrhead.
2021-10-13 10:04:46 -07:00
sctp_asconf.c
sctp: cleanup, no functional change intended
2021-09-15 10:18:11 +02:00
sctp_asconf.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_auth.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_auth.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_bsd_addr.c
Don't pass RFPROC to kproc_create(), it is redundant.
2021-03-12 09:48:10 -08:00
sctp_bsd_addr.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_cc_functions.c
sctp: remove some set, but unused variables
2021-08-09 15:58:46 +02:00
sctp_constants.h
sctp: Fix errno in case of association setup failures
2021-07-09 23:19:25 +02:00
sctp_crc32.c
sctp: Use m_apply() to calcuate a checksum for an mbuf chain
2021-11-16 13:36:30 -05:00
sctp_crc32.h
Add the SCTP_SUPPORT kernel option.
2020-06-18 19:32:34 +00:00
sctp_header.h
Whitespace changes.
2020-09-24 12:26:06 +00:00
sctp_indata.c
sctp: Fix errno in case of association setup failures
2021-07-09 23:19:25 +02:00
sctp_indata.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_input.c
sctp: Fix a typo in a comment
2021-09-26 15:15:39 +02:00
sctp_input.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_kdtrace.c
sctp_kdtrace.h
sctp_lock_bsd.h
sctp: Simplify stream scheduler usage
2021-09-21 17:13:57 +02:00
sctp_module.c
Provide support for building SCTP as a loadable module.
2020-07-10 14:56:05 +00:00
sctp_os_bsd.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_os.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_output.c
sctp: fix usage of stream scheduler functions
2021-09-28 05:25:58 +02:00
sctp_output.h
Whitespace changes.
2020-09-24 12:26:06 +00:00
sctp_pcb.c
sctp: Simplify stream scheduler usage
2021-09-21 17:13:57 +02:00
sctp_pcb.h
sctp: Tighten up locking around sctp_aloc_assoc()
2021-09-11 10:15:21 -04:00
sctp_peeloff.c
sctp: Remove an unused sctp_inpcb field
2021-09-07 11:19:29 -04:00
sctp_peeloff.h
sctp_ss_functions.c
sctp: improve KASSERT messages
2021-10-08 11:33:56 +02:00
sctp_structs.h
sctp: Cleanup stream schedulers.
2021-09-23 14:16:56 +02:00
sctp_syscalls.c
Convert remaining cap_rights_init users to cap_rights_init_one
2021-01-12 13:16:10 +00:00
sctp_sysctl.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_sysctl.h
Improve the handling of cookie life times.
2020-10-16 10:44:48 +00:00
sctp_timer.c
sctp: avoid locking an already locked mutex
2021-09-28 05:17:03 +02:00
sctp_timer.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_uio.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp_usrreq.c
sctp: Cleanup stream schedulers.
2021-09-23 14:16:56 +02:00
sctp_var.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
sctp.h
Improve the handling of cookie life times.
2020-10-16 10:44:48 +00:00
sctputil.c
netinet: Fix a common typo in source code comments
2021-11-03 16:21:49 +01:00
sctputil.h
sctp: Fix errno in case of association setup failures
2021-07-09 23:19:25 +02:00
siftr.c
SIFTR: Fix compilation with -DSIFTR_IPV6
2021-11-04 00:32:17 +00:00
tcp_accounting.h
This brings into sync FreeBSD with the netflix versions of rack and bbr.
2021-05-06 11:22:26 -04:00
tcp_debug.c
tcp_debug.h
inet: remove tcp_debug from netinet/tcp_debug.h
2021-11-01 23:10:30 +00:00
tcp_fastopen.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
tcp_fastopen.h
tcp_fsm.h
tcp: Remove unused v6 state definitions
2021-08-27 08:31:32 -04:00
tcp_hostcache.c
tcp_hostcache: use SMR for lookups, mutex(9) for updates.
2021-04-20 10:02:20 -07:00
tcp_hpts.c
tcp: Fix 32 bit platform breakage
2021-07-08 08:16:45 -04:00
tcp_hpts.h
tcp: HPTS performance enhancements
2021-07-07 07:22:35 -04:00
tcp_input.c
blackhole(4): disable for locally originated TCP/UDP packets
2021-11-03 13:02:44 -07:00
tcp_log_buf.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
tcp_log_buf.h
tcp: Add hystart-plus to cc_newreno and rack.
2021-10-22 07:10:28 -04:00
tcp_lro.c
Use layer five checksum flags in the mbuf packet header to pass on crypto state.
2021-11-04 18:52:06 +01:00
tcp_lro.h
Update the TCP LRO code to handle both encrypted and un-encrypted traffic.
2021-08-06 11:28:44 +02:00
tcp_offload.c
Path MTU discovery hooks for offloaded TCP connections.
2021-04-21 13:00:16 -07:00
tcp_offload.h
Path MTU discovery hooks for offloaded TCP connections.
2021-04-21 13:00:16 -07:00
tcp_output.c
tcp: Preparation for allowing hardware TLS to be able to kick a tcp connection that is retransmitting too much out of hardware and back to software.
2021-06-25 09:30:54 -04:00
tcp_pcap.c
Step 4.2: start divorce of M_EXT and M_EXTPG
2020-05-03 00:37:16 +00:00
tcp_pcap.h
tcp_ratelimit.c
Add a switch structure for send tags.
2021-09-14 11:43:41 -07:00
tcp_ratelimit.h
This takes Warners suggested approach to making it so that
2021-05-07 17:32:32 -04:00
tcp_reass.c
tcp: A better fix for the previously attempted fix of the ack-war issue with tcp.
2021-06-04 05:26:43 -04:00
tcp_sack.c
tcp: Make dsack stats available in netstat and also make sure its aware of TLP's.
2021-10-01 10:36:27 -04:00
tcp_seq.h
tcp_stats.c
tcp_subr.c
tcp: Fix a locking issue related to logging
2021-11-14 15:04:27 +01:00
tcp_syncache.c
Unbreak TFO, that was broken with 8d5719aa74f. These two assignments
2021-06-22 16:03:44 -07:00
tcp_syncache.h
tcp: add support for TCP over UDP
2021-04-18 16:16:42 +02:00
tcp_timer.c
tcp_timers: check for (INP_TIMEWAIT | INP_DROPPED) only once
2021-11-13 08:32:06 -08:00
tcp_timer.h
kern: net: remove TCP_LINGERTIME
2021-02-18 22:36:01 -06:00
tcp_timewait.c
Enable net.inet.tcp.nolocaltimewait.
2021-10-28 15:34:00 -07:00
tcp_usrreq.c
tcp_usr_detach: revert debugging piece from f5cf1e5f5a500.
2021-11-13 08:33:32 -08:00
tcp_var.h
Factor out tcp6_use_min_mtu() to handle IPV6_USE_MIN_MTU by TCP.
2021-10-27 08:22:00 -07:00
tcp.h
tcp: socket option to get stack alias name
2021-10-27 08:21:59 -07:00
tcpip.h
toecore.c
routing: Allow using IPv6 next-hops for IPv4 routes (RFC 5549).
2021-08-22 22:56:08 +00:00
toecore.h
Path MTU discovery hooks for offloaded TCP connections.
2021-04-21 13:00:16 -07:00
udp_usrreq.c
blackhole(4): disable for locally originated TCP/UDP packets
2021-11-03 13:02:44 -07:00
udp_var.h
blackhole(4): disable for locally originated TCP/UDP packets
2021-11-03 13:02:44 -07:00
udp.h
udplite.h