netdev.vger.kernel.org archive mirror
From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Jesper Dangaard Brouer <brouer@redhat.com>,
	netdev@vger.kernel.org,
	Christoph Paasch <christoph.paasch@uclouvain.be>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	"David S. Miller" <davem@davemloft.net>,
	Martin Topholm <mph@hoth.dk>
Cc: Florian Westphal <fw@strlen.de>,
	Hans Schillstrom <hans.schillstrom@ericsson.com>
Subject: [RFC v2 PATCH 0/3] tcp: Parallel SYN brownies patch series to mitigate SYN floods
Date: Thu, 31 May 2012 15:39:53 +0200
Message-ID: <20120531133807.10311.79711.stgit@localhost.localdomain>

The following series is dubbed SYN brownies.  The purpose is to
mitigate the effect of SYN flood DDoS attacks.  This is done by making
the SYN cookies stage parallel.  In normal (non-overload) situations
SYN packets are still processed under the bh_lock_sock().

This SYN brownies patch series will not be merged right away, as Eric
Dumazet is working on a fully parallel SYN stage.  Until that emerges
and gets integrated, I recommend that people with SYN flood issues use
these patches to fix their immediate overload situations.

Thus, these patches can only be merged at Eric Dumazet's will/ACK, if
he determines they don't conflict with his work.

Only IPv4 TCP is handled here. The IPv6 TCP code also needs to be
updated, but I'll deal with that part after Eric Dumazet has
settled on a fully parallel SYN processing stage.

This patch set has been tested on top of Linus's tree at
commit v3.4-9209-gd590f9a.

---

Jesper Dangaard Brouer (3):
      tcp: SYN retransmits, fallback to slow-locked/no-cookie path
      tcp: Early SYN limit and SYN cookie handling to mitigate SYN floods
      tcp: extract syncookie part of tcp_v4_conn_request()


 net/ipv4/tcp_ipv4.c   |  154 +++++++++++++++++++++++++++++++++++++++++--------
 net/ipv4/tcp_output.c |   20 ++++--
 2 files changed, 144 insertions(+), 30 deletions(-)

Thread overview: 4+ messages
2012-05-31 13:39 Jesper Dangaard Brouer [this message]
2012-05-31 13:39 ` [RFC v2 PATCH 1/3] tcp: extract syncookie part of tcp_v4_conn_request() Jesper Dangaard Brouer
2012-05-31 13:40 ` [RFC v2 PATCH 2/3] tcp: Early SYN limit and SYN cookie handling to mitigate SYN floods Jesper Dangaard Brouer
2012-05-31 13:40 ` [RFC v2 PATCH 3/3] tcp: SYN retransmits, fallback to slow-locked/no-cookie path Jesper Dangaard Brouer
