tcp_timewait.c (124248) | tcp_timewait.c (124258) |
---|---|
1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 | 1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 |
34 * $FreeBSD: head/sys/netinet/tcp_timewait.c 124248 2004-01-08 11:17:11Z andre $ | 34 * $FreeBSD: head/sys/netinet/tcp_timewait.c 124258 2004-01-08 17:40:07Z andre $ |
35 */ 36 37#include "opt_compat.h" 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40#include "opt_mac.h" 41#include "opt_tcpdebug.h" 42 --- 73 unchanged lines hidden (view full) --- 116 117#ifdef INET6 118int tcp_v6mssdflt = TCP6_MSS; 119SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, 120 CTLFLAG_RW, &tcp_v6mssdflt , 0, 121 "Default TCP Maximum Segment Size for IPv6"); 122#endif 123 | 35 */ 36 37#include "opt_compat.h" 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40#include "opt_mac.h" 41#include "opt_tcpdebug.h" 42 --- 73 unchanged lines hidden (view full) --- 116 117#ifdef INET6 118int tcp_v6mssdflt = TCP6_MSS; 119SYSCTL_INT(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, 120 CTLFLAG_RW, &tcp_v6mssdflt , 0, 121 "Default TCP Maximum Segment Size for IPv6"); 122#endif 123 |
124/* 125 * Minimum MSS we accept and use. This prevents DoS attacks where 126 * we are forced to a ridiculous low MSS like 20 and send hundreds 127 * of packets instead of one. The effect scales with the available 128 * bandwidth and quickly saturates the CPU and network interface 129 * with packet generation and sending. Set to zero to disable MINMSS 130 * checking. This setting prevents us from sending too small packets. 131 */ 132int tcp_minmss = TCP_MINMSS; 133SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmss, CTLFLAG_RW, 134 &tcp_minmss , 0, "Minmum TCP Maximum Segment Size"); 135/* 136 * Number of TCP segments per second we accept from remote host 137 * before we start to calculate average segment size. If average 138 * segment size drops below the minimum TCP MSS we assume a DoS 139 * attack and reset+drop the connection. Care has to be taken not to 140 * set this value too small to not kill interactive type connections 141 * (telnet, SSH) which send many small packets. 142 */ 143int tcp_minmssoverload = TCP_MINMSSOVERLOAD; 144SYSCTL_INT(_net_inet_tcp, OID_AUTO, minmssoverload, CTLFLAG_RW, 145 &tcp_minmssoverload , 0, "Number of TCP Segments per Second allowed to" 146 "be under the MINMSS Size"); 147 |
|
124#if 0 125static int tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ; 126SYSCTL_INT(_net_inet_tcp, TCPCTL_RTTDFLT, rttdflt, CTLFLAG_RW, 127 &tcp_rttdflt , 0, "Default maximum TCP Round Trip Time"); 128#endif 129 130int tcp_do_rfc1323 = 1; 131SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, --- 1764 unchanged lines hidden --- | 148#if 0 149static int tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ; 150SYSCTL_INT(_net_inet_tcp, TCPCTL_RTTDFLT, rttdflt, CTLFLAG_RW, 151 &tcp_rttdflt , 0, "Default maximum TCP Round Trip Time"); 152#endif 153 154int tcp_do_rfc1323 = 1; 155SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, --- 1764 unchanged lines hidden --- |