diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-03-31 13:11:15 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-03-31 13:11:15 +0000 |
| commit | b8c5cd178731469c83c56a8b94f3ac060d1e6618 (patch) | |
| tree | 805ea50aa57c4d1f67dd5d72b9b5bc86f603a133 /sys/netinet | |
| parent | 00800a30f1069d59f15bf68f10d8e88bf0d0241d (diff) | |
If one of the TCP syn cache buckets overflow, it might be a collision
attack against our hash function. In this case, switch to the
passive syn cache as soon as possible. It will start with a new
random seed for the hash.
input and OK mpi@
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/tcp_input.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 855a07ae017..f6d9e734347 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.317 2016/03/29 18:13:20 bluhm Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.318 2016/03/31 13:11:14 bluhm Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -3393,6 +3393,11 @@ syn_cache_insert(struct syn_cache *sc, struct tcpcb *tp) if (scp->sch_length >= tcp_syn_bucket_limit) { tcpstat.tcps_sc_bucketoverflow++; /* + * Someone might attack our bucket hash function. Reseed + * with random as soon as the passive syn cache gets empty. + */ + set->scs_use = 0; + /* * The bucket is full. Toss the oldest element in the * bucket. This will be the first entry in the bucket. */ |