ICMP attacks against TCP and PMTUD

Nikolay Denev ndenev at gmail.com
Sun Jan 15 19:52:52 UTC 2012


On 15.01.2012, at 21:35, Andrey Zonov <andrey at zonov.org> wrote:

> This helped me:
> /boot/loader.conf
> net.inet.tcp.hostcache.hashsize=65536
> net.inet.tcp.hostcache.cachelimit=1966080
>
> Actually, this is a workaround.  As I remember, the real problem is in
> tcp_ctlinput(): it could not update the MTU for the destination IP if
> hostcache allocation fails.  tcp_hc_updatemtu() should return NULL if
> tcp_hc_insert() returns NULL, and tcp_ctlinput() should check this case
> and set the updated MTU for this particular connection if
> tcp_hc_updatemtu() fails.  Otherwise we've got an infinite loop in MTU
> discovery.
>
>
> On 15.01.2012 22:59, Nikolay Denev wrote:
>>
>> % uptime
>>  7:57PM  up 608 days,  4:06, 1 user, load averages: 0.30, 0.21, 0.17
>>
>> % vmstat -z|grep hostcache
>> hostcache:                136,    15372,    15136,      236, 44946965, 10972760
>>
>>
>> Hmm… probably I should increase this….
>>
>
> --
> Andrey Zonov

Thanks, I will test this asap!

Regards,
Nikolay
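
The `vmstat -z | grep hostcache` check quoted above can be turned into a repeatable health check. This is an added example, not part of the original thread: the column order (SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES), the function name `zone_check` and the 90% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: flag a UMA zone (default: hostcache) that is close to its
# limit or has recorded allocation failures, reading `vmstat -z` text on stdin.
# Assumed column order after the zone name (FreeBSD 8.x header):
#   SIZE, LIMIT, USED, FREE, REQUESTS, FAILURES
# Exit status: 0 = ok, 1 = usage at/above threshold, 2 = failures recorded,
#              3 = zone not found or line not parseable.
# Usage on a live host (hypothetical): vmstat -z | zone_check hostcache 90
zone_check() {
    zone="${1:-hostcache}"
    warn_pct="${2:-90}"     # hypothetical threshold, tune locally
    awk -v zone="$zone" -v warn="$warn_pct" '
        BEGIN { status = 3 }
        {
            # Split "name: n, n, n, ..." into the zone name and its counters.
            idx = index($0, ":")
            if (idx == 0) next
            name = substr($0, 1, idx - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != zone) next
            rest = substr($0, idx + 1)
            gsub(/[ \t]/, "", rest)
            n = split(rest, f, ",")
            if (n < 6) { status = 3; next }
            limit = f[2]; used = f[3]; req = f[5]; fail = f[6]
            # A limit of 0 means the zone is unlimited, so report 0% usage.
            pct = (limit > 0) ? int(used * 100 / limit) : 0
            failpct = (req > 0) ? int(fail * 100 / req) : 0
            printf "%s used=%d/%d (%d%%) failures=%d (%d%% of requests)\n", \
                name, used, limit, pct, fail, failpct
            # Failures outrank high usage: they mean entries were not cached.
            status = (fail > 0) ? 2 : ((pct >= warn) ? 1 : 0)
        }
        END { exit status }
    '
}
```

Fed the hostcache line quoted in this thread, the function reports the zone at 98% of its limit with failures recorded and returns status 2.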

