|
|
[RFC PATCH 0/2] Faster/parallel SYN handling to mitigate SYN floods |
The following series is a RFC (Request For Comments) for implementing
a faster and parallel handling of TCP SYN connections, to mitigate SYN
flood attacks. This is against DaveM's net (f0d1b3c2bc), as net-next
is closed, as DaveM has mentioned numerous times ;-)
Only IPv4 TCP is handled here. The IPv6 TCP code also need to be
updated, but I'll deal with that part after we have agreed on a
solution for IPv4 TCP.
Patch 1/2: Is a cleanup, where I split out the SYN cookie handling
from tcp_v4_conn_request() into tcp_v4_syn_conn_limit().
Patch 2/2: Move tcp_v4_syn_conn_limit() outside bh_lock_sock() in
tcp_v4_rcv(). I would like some input on, (1) if this safe without
the lock, (2) if we need to do some sock lookup, before calling
tcp_v4_syn_conn_limit() (Christoph Paasch
<christoph.paasch@xxxxxxxxxxxx> mentioned something about SYN
retransmissions)
---
Jesper Dangaard Brouer (2):
tcp: Early SYN limit and SYN cookie handling to mitigate SYN floods
tcp: extract syncookie part of tcp_v4_conn_request()
net/ipv4/tcp_ipv4.c | 131 ++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 107 insertions(+), 24 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Linux Kernel Discussion] [Ethernet Bridging] [Linux Wireless Networking] [Linux Bluetooth Networking] [Linux Networking Users] [VLAN] [Git] [IETF Annouce] [Linux Assembly] [Security] [Bugtraq] [Photo] [Singles Social Networking] [Yosemite Information] [MIPS Linux] [ARM Linux Kernel] [ARM Linux] [Linux Virtualization] [Linux Security] [Linux IDE] [Linux RAID] [Linux SCSI] [Free Dating]
|
|