[Bug 192888] ipfw NAT vulnerable to simple DOS attacks
Date: Sat, 19 Jun 2021 20:28:45 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192888

--- Comment #7 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=d261e57deacb0d00d9e827447f235df83dda3e3a

commit d261e57deacb0d00d9e827447f235df83dda3e3a
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-28 20:36:59 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-06-19 20:12:28 +0000

    libalias: Switch to efficient data structure for incoming traffic

    Current data structure is using a hash of unordered lists.
    Those unordered lists are quite efficient, because the least recently
    inserted entries are most likely to be used again.
    In order to avoid long search times in other cases, the lists are
    hashed into many buckets. Unfortunately a search for a miss needs an
    exhaustive inspection and a careful definition of the hash.

    Splay trees offer a similar feature: Almost O(1) for access of the
    least recently used entries, and amortized O(ln(n)) for almost all
    other cases. Get rid of the hash.

    Now the data structure should be able to quickly react to external
    packets without eating CPU cycles for breakfast, preventing a DoS.

    PR:             192888
    Discussed with: Dimitry Luhtionov
    MFC after:      1 week
    Differential Revision: https://reviews.freebsd.org/D30536

 sys/netinet/libalias/alias_db.c    | 75 +++++++++++++++++---------------------
 sys/netinet/libalias/alias_local.h |  6 +--
 2 files changed, 36 insertions(+), 45 deletions(-)
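The lookup-miss cost the commit message describes, as an added example that is not code from libalias or from the commit: it counts search steps for lookups that match no stored entry, once against a single unordered bucket chain and once against a splay tree. The splay routine is a hand-written top-down splay, and the names `miss_cost`, `NKEYS` and the integer keys are assumptions of this model.

```c
#include <stdio.h>
/* Constructed model, not libalias code: key stands in for a packet's lookup tuple. */
#define NKEYS 1024
struct node { unsigned key; struct node *l, *r; };
static unsigned long steps;                 /* search loop iterations */

/* Top-down splay: brings key, or a neighbour on a miss, to the root. */
static struct node *splay(struct node *t, unsigned key) {
    struct node N = {0}, *l = &N, *r = &N, *y;
    if (!t) return NULL;
    for (;;) {
        steps++;
        if (key < t->key) {
            if (!t->l) break;
            if (key < t->l->key) { y = t->l; t->l = y->r; y->r = t; t = y; if (!t->l) break; }
            r->l = t; r = t; t = t->l;
        } else if (key > t->key) {
            if (!t->r) break;
            if (key > t->r->key) { y = t->r; t->r = y->l; y->l = t; t = y; if (!t->r) break; }
            l->r = t; l = t; t = t->r;
        } else break;
    }
    l->r = t->l; r->l = t->r; t->l = N.r; t->r = N.l;
    return t;
}
static struct node *tree_insert(struct node *t, struct node *n) {
    if (!t) return n;
    t = splay(t, n->key);                   /* keys are distinct in this model */
    if (n->key < t->key) { n->l = t->l; n->r = t; t->l = NULL; }
    else                 { n->r = t->r; n->l = t; t->r = NULL; }
    return n;
}

/* Steps for m misses; list case = one bucket chain (linked via ->r), walked to its end. */
static unsigned long miss_cost(int m, int use_tree) {
    struct node pool[NKEYS] = {0}, *root = NULL, *n;
    for (int i = 0; i < NKEYS; i++) {
        pool[i].key = 2u * (unsigned)i;     /* stored keys are even */
        if (use_tree) root = tree_insert(root, &pool[i]);
        else { pool[i].r = root; root = &pool[i]; }
    }
    steps = 0;
    for (int i = 0; i < m; i++) {
        unsigned key = 2u * (unsigned)(i * 7919 % NKEYS) + 1;   /* odd: a miss */
        if (use_tree) root = splay(root, key);
        else for (n = root; n && n->key != key; n = n->r) steps++;
    }
    return steps;
}
int main(void) { printf("list %lu, splay %lu\n", miss_cost(1024, 0), miss_cost(1024, 1)); return 0; }
```

The list figure is the worst case for one bucket; spreading entries over more buckets divides it, which is why the old scheme depended on the hash distributing traffic well.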