PERFORCE change 194411 for review

Catalin Nicutar cnicutar at FreeBSD.org
Tue Jun 7 18:55:32 UTC 2011


http://p4web.freebsd.org/@@194411?ac=10

Change 194411 by cnicutar at cnicutar_cronos on 2011/06/07 18:54:45

	Add sysctls for TCP UTO

Affected files ...

.. //depot/projects/soc2011/cnicutar_tcputo_8/src/sys/netinet/tcp.h#2 edit
.. //depot/projects/soc2011/cnicutar_tcputo_8/src/sys/netinet/tcp_subr.c#2 edit

Differences ...

==== //depot/projects/soc2011/cnicutar_tcputo_8/src/sys/netinet/tcp.h#2 (text+ko) ====

@@ -103,6 +103,15 @@
 
 
 /*
+ * The timeout ranges for TCP UTO have security implications; in particular,
+ * long timeouts might allow for denial-of-service attacks.
+ */
+#define TCP_UTOMIN	100	/* Minimum acceptable timeout */
+#define TCP_UTODEF	300	/* Default advertised timeout */
+#define TCP_UTOMAX	600	/* Maximum advertised timeout */
+
+
+/*
  * Default maximum segment size for TCP.
  * With an IP MTU of 576, this is 536,
  * but 512 is probably more convenient.
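Review bot: None of the three limits states its unit, and the comment on `TCP_UTOMAX` says "advertised" while the `max_timeout` sysctl in tcp_subr.c describes the same bound as "Maximum accepted timeout for a connection". The block comment ties these ranges to denial-of-service exposure, and the User Timeout Option can carry its value in either seconds or minutes, so the unit should be explicit, e.g. `#define TCP_UTOMAX 600 /* Maximum accepted timeout (<unit>) */` with the unit filled in by the author. The block comment should also say which bounds apply to what we advertise and which to what we accept from a peer.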

==== //depot/projects/soc2011/cnicutar_tcputo_8/src/sys/netinet/tcp_subr.c#2 (text+ko) ====

@@ -168,6 +168,29 @@
 	return (sysctl_msec_to_ticks(oidp, arg1, arg2, req));
 }
 
+SYSCTL_NODE(_net_inet_tcp, OID_AUTO, uto, CTLFLAG_RW, 0, "TCP UTO");
+
+VNET_DEFINE(int, uto_enable) = 1;
+SYSCTL_VNET_INT(_net_inet_tcp_uto, OID_AUTO, enable, CTLFLAG_RW,
+    &VNET_NAME(uto_enable), 0,
+    "Enable TCP UTO for all connections");
+
+VNET_DEFINE(int, uto_min_timeout) = TCP_UTOMIN;
+SYSCTL_VNET_INT(_net_inet_tcp_uto, OID_AUTO, min_timeout, CTLFLAG_RW,
+    &VNET_NAME(uto_min_timeout), 0,
+    "Minimum accepted timeout for a connection");
+
+VNET_DEFINE(int, uto_def_timeout) = TCP_UTODEF;
+SYSCTL_VNET_INT(_net_inet_tcp_uto, OID_AUTO, def_timeout, CTLFLAG_RW,
+    &VNET_NAME(uto_def_timeout), 0,
+    "Default advertised timeout for all connections");
+
+VNET_DEFINE(int, uto_max_timeout) = 600;
+SYSCTL_VNET_INT(_net_inet_tcp_uto, OID_AUTO, max_timeout, CTLFLAG_RW,
+    &VNET_NAME(uto_max_timeout), 0,
+    "Maximum accepted timeout for a connection");
+
+
 /*
  * Minimum MSS we accept and use. This prevents DoS attacks where
  * we are forced to a ridiculous low MSS like 20 and send hundreds
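Review bot: The three timeout knobs are plain `SYSCTL_VNET_INT` entries with `CTLFLAG_RW`, and no check is visible in this hunk that would reject a negative value or a `min_timeout` above `max_timeout`. A very large `max_timeout` would also remove the bound that the tcp.h comment cites as the denial-of-service protection, unless the consumers clamp it elsewhere. A `SYSCTL_VNET_PROC` handler that returns `EINVAL` for inconsistent values would keep the range coherent; the sketch below shows it for `max_timeout`, and `min_timeout` and `def_timeout` would follow the same pattern. Whether to also cap the value at a compile-time ceiling is a policy choice for the author. Separately, `uto_max_timeout` is initialised with the literal `600` while the other two use their macros; `TCP_UTOMAX` keeps them in step.

```c
/* … unchanged: uto node, enable, min_timeout, def_timeout … */

VNET_DEFINE(int, uto_max_timeout) = TCP_UTOMAX;

static int
sysctl_net_inet_tcp_uto_max(SYSCTL_HANDLER_ARGS)
{
	int error, new;

	new = VNET(uto_max_timeout);
	error = sysctl_handle_int(oidp, &new, 0, req);
	if (error == 0 && req->newptr) {
		/* Refuse a ceiling that falls below the configured floor. */
		if (new <= 0 || new < VNET(uto_min_timeout))
			error = EINVAL;
		else
			VNET(uto_max_timeout) = new;
	}
	return (error);
}

SYSCTL_VNET_PROC(_net_inet_tcp_uto, OID_AUTO, max_timeout,
    CTLTYPE_INT|CTLFLAG_RW, &VNET_NAME(uto_max_timeout), 0,
    &sysctl_net_inet_tcp_uto_max, "I",
    "Maximum accepted timeout for a connection");
```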

