git: 8e1864ed0712 - main - pf: syncookie support
Kristof Provost
kp at FreeBSD.org
Tue Jul 20 16:44:44 UTC 2021
On 20 Jul 2021, at 12:40, Dmitry Chagin wrote:
> On Tue, Jul 20, 2021 at 08:36:54AM +0000, Kristof Provost wrote:
>> The branch main has been updated by kp:
>>
>> URL:
>> https://cgit.FreeBSD.org/src/commit/?id=8e1864ed07121b479b95d7e3a5931a9e0ffd4713
>>
>> commit 8e1864ed07121b479b95d7e3a5931a9e0ffd4713
>> Author: Kristof Provost <kp at FreeBSD.org>
>> AuthorDate: 2021-05-20 09:54:41 +0000
>> Commit: Kristof Provost <kp at FreeBSD.org>
>> CommitDate: 2021-07-20 08:36:13 +0000
>>
>> pf: syncookie support
>>
>> Import OpenBSD's syncookie support for pf. This feature help pf
>> resist
>> TCP SYN floods by only creating states once the remote host
>> completes
>> the TCP handshake rather than when the initial SYN packet is
>> received.
>>
>> This is accomplished by using the initial sequence numbers to
>> encode a
>> cookie (hence the name) in the SYN+ACK response and verifying
>> this on
>> receipt of the client ACK.
>>
>> Reviewed by: kbowling
>> Obtained from: OpenBSD
>> MFC after: 1 week
>> Sponsored by: Modirum MDPay
>> Differential Revision: https://reviews.freebsd.org/D31138
>
> NOINET6 build fails
>
LINT did too. It should be fixed in
b972a7fa9e1e01367435a5699b71cc7b5e494fee
Best regards,
Kristof
More information about the dev-commits-src-all
mailing list