Diffusion FreeBSD src repository cb8d7c44d6ac

tcp_syncache: add net.inet.tcp.syncache.see_other sysctl
cb8d7c44d6ac
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

tcp_syncache: add net.inet.tcp.syncache.see_other sysctl

A security feature from c06f087ccb12 appeared to be a huge bottleneck
under SYN flood. To mitigate that add a sysctl that would make
syncache(4) globally visible, ignoring UID/GID, jail(2) and mac(4)
checks. When turned on, we won't need to call crhold() on the listening
socket credential for every incoming SYN packet.

Reviewed by: bz

Details

Provenance

Authored on Mar 19 2021, 7:22 AM

Parents

rG34256484aff2: Revert "nfsd: cut the Linux NFSv4.1/4.2 some slack w.r.t. RFC5661"

Branches

Unknown

Tags

Unknown

Event Timeline

glebius committed rGcb8d7c44d6ac: tcp_syncache: add net.inet.tcp.syncache.see_other sysctl (authored by glebius).Apr 15 2021, 10:26 PM

glebius mentioned this in rG77a84a305e00: syncache.4: fix mandoc in cb8d7c44d6a.Apr 15 2021, 10:50 PM

Changes (3)

Path

Size

share/

man/

man4/

sys/

netinet/

rGcb8d7c44d6ac

share/man/man4/syncache.4

Loading...

sys/netinet/tcp_syncache.c

Loading...

sys/netinet/tcp_syncache.h

Loading...