| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1338367824.2760.128.camel@edumazet-glaptop> Date: Wed, 30 May 2012 10:50:24 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Jesper Dangaard Brouer <brouer@...hat.com> Cc: christoph.paasch@...ouvain.be, netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Martin Topholm <mph@...h.dk>, Florian Westphal <fw@...len.de>, opurdila@...acom.com, Hans Schillstrom <hans.schillstrom@...csson.com>, Andi Kleen <andi@...stfloor.org> Subject: Re: [RFC PATCH 0/2] Faster/parallel SYN handling to mitigate SYN floods On Wed, 2012-05-30 at 10:44 +0200, Jesper Dangaard Brouer wrote: > Choosing that code path, should be easy by simply returning 0 (no_limit) > from my function tcp_v4_syn_conn_limit(), to indicate that the normal > slow code path should be chosen. > > I guess this will not pose a big attack angle, as the entries in > reqsk_queue will be fairly small. Not sure what you mean. I know some people have 64K entries in it. (sk_ack_backlog / sk_max_ack_backlog being 16bits, listen(fd, 65536 + 1) can give unexpected results) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists