ICMP attacks against TCP and PMTUD
Andrey Zonov
andrey at zonov.org
Sun Jan 15 19:35:22 UTC 2012
This helped me:
/boot/loader.conf
net.inet.tcp.hostcache.hashsize=65536
net.inet.tcp.hostcache.cachelimit=1966080
Actually, this is a workaround. As I remember, the real problem is in
tcp_ctlinput(): it could not update the MTU for the destination IP if the
hostcache allocation fails. tcp_hc_updatemtu() should return NULL if
tcp_hc_insert() returns NULL, and tcp_ctlinput() should check this case
and set the updated MTU for this particular connection if
tcp_hc_updatemtu() fails. Otherwise we've got an infinite loop in MTU
discovery.
On 15.01.2012 22:59, Nikolay Denev wrote:
>
> % uptime
> 7:57PM up 608 days, 4:06, 1 user, load averages: 0.30, 0.21, 0.17
>
> % vmstat -z|grep hostcache
> hostcache: 136, 15372, 15136, 236, 44946965, 10972760
>
>
> Hmm… probably I should increase this….
>
--
Andrey Zonov
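
The failure mode described in the message above, as an added example (not code from the thread or from FreeBSD): a user-space toy model in which the `_model` functions, the tiny `HC_LIMIT` and the MTU values are constructed assumptions. It shows a full cache leaving the segment size unchanged on every ICMP reply unless the handler falls back to updating the connection itself.

```c
/* Toy user-space model of the behaviour described above; not FreeBSD source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define HC_LIMIT 2   /* constructed, tiny stand-in for hostcache.cachelimit */
#define HDRS 40      /* IPv4 + TCP header bytes without options */

struct hc_entry { uint32_t dst, mtu; };
struct conn     { uint32_t dst, maxseg; };
static struct hc_entry cache[HC_LIMIT];
static size_t cache_used;

/* Returns NULL once the limit is reached, like a failed zone allocation. */
static struct hc_entry *hc_insert_model(uint32_t dst) {
    if (cache_used >= HC_LIMIT) return NULL;
    cache[cache_used] = (struct hc_entry){ dst, 0 };
    return &cache[cache_used++];
}

/* Propagates the insert failure as NULL so the caller can react to it. */
static struct hc_entry *hc_updatemtu_model(uint32_t dst, uint32_t mtu) {
    struct hc_entry *e = NULL;
    for (size_t i = 0; i < cache_used; i++)
        if (cache[i].dst == dst) e = &cache[i];
    if (e == NULL && (e = hc_insert_model(dst)) == NULL) return NULL;
    e->mtu = mtu;
    return e;
}

/* "Fragmentation needed" handler: fallback=0 drops a failed cache update,
 * fallback=1 applies the reported MTU to this connection only. */
static void ctlinput_model(struct conn *c, uint32_t mtu, int fallback) {
    if (hc_updatemtu_model(c->dst, mtu) != NULL || fallback)
        c->maxseg = mtu - HDRS;
}

/* Rounds until a segment fits the path MTU, or -1 if the size never shrinks. */
static int pmtud_rounds(struct conn *c, uint32_t path_mtu, int fallback) {
    for (int round = 1; round <= 8; round++) {
        if (c->maxseg + HDRS <= path_mtu) return round;
        ctlinput_model(c, path_mtu, fallback);   /* router answers with ICMP */
    }
    return -1;
}

int main(void) {
    struct conn a = {3, 1460}, b = {3, 1460};    /* constructed connections */
    hc_insert_model(1); hc_insert_model(2);      /* cache is now full */
    printf("no fallback: %d\n", pmtud_rounds(&a, 1400, 0));
    printf("fallback: %d\n", pmtud_rounds(&b, 1400, 1));
}
```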