author | 2016-03-29 18:13:20 +0000 | |
---|---|---|
committer | 2016-03-29 18:13:20 +0000 | |
commit | 93d457b20f31bbce79c2aaaeff403a19c98845c5 (patch) | |
tree | 95bc28d69b546a7703c6ba62895035d7ad97851b /sys/netinet/tcp_input.c | |
parent | Check if a device is present (using _STA) in acpi_foundhid. This prevents (diff) | |
Allow adjusting tcp_syn_use_limit with sysctl net.inet.tcp.synuselimit.
This is convenient to test the feature and may be useful to defend
against syn flooding in a denial of service condition. It is
consistent with the existing syn cache sysctls. Move some declarations
to tcp_var.h to access the syn cache sets from tcp_sysctl().
OK mpi@
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 0e72174b56f..855a07ae017 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.316 2016/03/27 19:19:01 bluhm Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.317 2016/03/29 18:13:20 bluhm Exp $ */
 /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
 /*
@@ -3255,19 +3255,12 @@ tcp_mss_adv(struct mbuf *m, int af)
 */
 /* syn hash parameters */
-#define TCP_SYN_HASH_SIZE 293
-#define TCP_SYN_BUCKET_SIZE 35
 int tcp_syn_cache_size = TCP_SYN_HASH_SIZE;
 int tcp_syn_cache_limit = TCP_SYN_HASH_SIZE*TCP_SYN_BUCKET_SIZE;
 int tcp_syn_bucket_limit = 3*TCP_SYN_BUCKET_SIZE;
 int tcp_syn_use_limit = 100000;
-struct syn_cache_set {
- struct syn_cache_head scs_buckethead[TCP_SYN_HASH_SIZE];
- int scs_count;
- int scs_use;
- u_int32_t scs_random[5];
-} tcp_syn_cache[2];
+struct syn_cache_set tcp_syn_cache[2];
 int tcp_syn_cache_active;
 #define SYN_HASH(sa, sp, dp, rand) \ |
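Review bot: In the second hunk `int tcp_syn_use_limit = 100000;` remains a signed int with no comment and no visible bound, although the commit message says it is now writable through net.inet.tcp.synuselimit. The handler lives in tcp_sysctl(), which is outside this file section, so it cannot be confirmed from here that zero or negative values are rejected. That is worth checking, since a knob offered as a SYN-flood defence should not accept a value that presumably weakens or thrashes the syn cache. At minimum I would document the contract at the declaration, e.g. `/* sysctl net.inet.tcp.synuselimit; expected > 0, range enforced in tcp_sysctl() */`, with the wording confirmed against the code that consumes scs_use. The same applies to the neighbouring `tcp_syn_cache_limit` and `tcp_syn_bucket_limit`, which the message describes as already sysctl-controlled.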