In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes:
>
> Just a quick note for those of you using accept filters with a 4.4+ kernel
> using the syncache: Your accept filters are broken, and easily DoSable.
>
> The fix (attached) has now been committed to both 5.0 and 4.5, so I
> recommend doing one of two things if you're using accept filters:
>
> 1. Stop using them.

How does one know if one is? No man page(s) on "syncache", but I did
glean this:

[sheol] ~$ sysctl -a |grep syncache
syncache: 160, 15359, 0, 51, 95
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncache.cachelimit: 15359
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.rexmtlimit: 3

How does one set up filters and tear them down?

Regarding another reply: Whom do I lobby to get this into RELENG_4_5?
I don't want to have to re-apply this patch after every 'cvsup'...

TIA,
Dave
--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"