Mirror of https://github.com/opnsense/src.git, synced 2026-02-16 00:58:21 -05:00
When packet is a SYN packet, we don't need to modify any existing PCB. Normally SYN arrives on a listening socket, we either create a syncache entry or generate syncookie, but we don't modify anything with the listening socket or associated PCB. Thus create a new PCB lookup mode - rlock if listening. This removes the primary contention point under SYN flood - the listening socket PCB.

Sidenote: when SYN arrives on a synchronized connection, we still don't need write access to PCB to send a challenge ACK or just to drop. There is only one exclusion - tcptw recycling. However, existing entanglement of tcp_input + stacks doesn't allow to make this change small. Consider this patch as first approach to the problem.

Reviewed by: rrs
Differential revision: https://reviews.freebsd.org/D29576

| | | |
|---|---|---|
| .. | ||
| audit | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ifoff | ||
| mac_lomac | ||
| mac_mls | ||
| mac_none | ||
| mac_ntpd | ||
| mac_partition | ||
| mac_portacl | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||
| mac_veriexec | ||
| mac_veriexec_parser | ||