]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3425648) | patch
tcp_syncache: add net.inet.tcp.syncache.see_other sysctl
authorGleb Smirnoff <glebius@FreeBSD.org>
Fri, 19 Mar 2021 07:22:36 +0000 (00:22 -0700)
committerGleb Smirnoff <glebius@FreeBSD.org>
Thu, 15 Apr 2021 22:26:48 +0000 (15:26 -0700)
commitcb8d7c44d6acd4f7f6be7f8b762315260f70d896
tree0a84fa93f1703164c2c35ea49c672d1114125e1etree | snapshot
parent34256484aff285f460a98c089b030228448fe19fcommit | diff
tcp_syncache: add net.inet.tcp.syncache.see_other sysctl

A security feature from c06f087ccb12 appeared to be a huge bottleneck
under SYN flood. To mitigate that add a sysctl that would make
syncache(4) globally visible, ignoring UID/GID, jail(2) and mac(4)
checks. When turned on, we won't need to call crhold() on the listening
socket credential for every incoming SYN packet.

Reviewed by: bz
share/man/man4/syncache.4 diff | blob | history
sys/netinet/tcp_syncache.c diff | blob | history
sys/netinet/tcp_syncache.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.