mirror of
https://github.com/opnsense/src.git
synced 2026-02-16 09:08:51 -05:00
08d9c92027
When packet is a SYN packet, we don't need to modify any existing PCB. Normally SYN arrives on a listening socket, we either create a syncache entry or generate syncookie, but we don't modify anything with the listening socket or associated PCB. Thus create a new PCB lookup mode - rlock if listening. This removes the primary contention point under SYN flood - the listening socket PCB. Sidenote: when SYN arrives on a synchronized connection, we still don't need write access to PCB to send a challenge ACK or just to drop. There is only one exclusion - tcptw recycling. However, existing entanglement of tcp_input + stacks doesn't allow to make this change small. Consider this patch as first approach to the problem. Reviewed by: rrs Differential revision: https://reviews.freebsd.org/D29576 |
||
|---|---|---|
| .. | ||
| mac_audit.c | ||
| mac_cred.c | ||
| mac_framework.c | ||
| mac_framework.h | ||
| mac_inet.c | ||
| mac_inet6.c | ||
| mac_internal.h | ||
| mac_label.c | ||
| mac_net.c | ||
| mac_pipe.c | ||
| mac_policy.h | ||
| mac_posix_sem.c | ||
| mac_posix_shm.c | ||
| mac_priv.c | ||
| mac_process.c | ||
| mac_socket.c | ||
| mac_syscalls.c | ||
| mac_system.c | ||
| mac_sysv_msg.c | ||
| mac_sysv_sem.c | ||
| mac_sysv_shm.c | ||
| mac_vfs.c | ||