Date: Wed, 27 Jun 2012 10:18:24 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: David Miller <davem@...emloft.net>
Cc: netdev <netdev@...r.kernel.org>
Subject: Re: [RFC] tcp demux used to signal ip_route_input_noref to not cache dst

On Wed, 2012-06-27 at 09:52 +0200, Eric Dumazet wrote:
> I'll test the following patch in a moment.
>
> For the moment, set nocache to true for all frames not associated to an
> ESTABLISHED socket. Not sure we want to test SYN flag after all.
>
>  include/net/protocol.h |    2 +-
>  include/net/route.h    |    8 ++++----
>  include/net/tcp.h      |    2 +-
>  net/ipv4/arp.c         |    2 +-
>  net/ipv4/ip_fragment.c |    2 +-
>  net/ipv4/ip_input.c    |    5 +++--
>  net/ipv4/route.c       |    8 +++++---
>  net/ipv4/tcp_ipv4.c    |    4 +++-
>  net/ipv4/xfrm4_input.c |    2 +-
>  9 files changed, 20 insertions(+), 15 deletions(-)

Excellent results.

I am now able to resist DDOS synflood attacks, with no route cache
pollution, and no more rt_garbage_collect() hits.