HardenedBSD/sys/netinet
Ruslan Ermilov b5e819ec23 Apply TCP_EXPIRE_CONNECTED (86400 seconds) timeout only to established
connections, after SYN packets were seen from both ends.  Before this,
it would get applied right after the first SYN packet was seen (either
from client or server).  With broken TCP connection attempts, when the
remote end does not respond with SYNACK nor with RST, this resulted in
having a useless (i.e., no actual TCP connection associated with it) TCP
link with 86400 seconds TTL, wasting system memory.  With a high rate of
such broken connection attempts (for example, remote end simply blocks
these connection attempts with ipfw(8) without sending RST back), this
could result in a denial-of-service.

PR:		bin/17963
2000-04-14 15:34:55 +00:00
..
libalias Apply TCP_EXPIRE_CONNECTED (86400 seconds) timeout only to established 2000-04-14 15:34:55 +00:00
fil.c Bring over ipfilter v3_3_8 kernel sources, including merging the 2000-02-09 20:56:36 +00:00
icmp6.h Forbid include of some inet6 header files from wrong place 2000-02-10 19:33:58 +00:00
icmp_var.h
if_atm.c
if_atm.h
if_ether.c PR: kern/17872 2000-04-11 06:55:09 +00:00
if_ether.h
if_fddi.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_gif.c Disable IPv4 over IPv4 tunnel on the 6to4 interface for better security. 2000-03-11 22:11:57 +00:00
in_gif.h add forward declarations, and small cosmetic changes. 2000-01-15 05:20:40 +00:00
in_hostcache.c
in_hostcache.h
in_pcb.c Try and make the kernel build again without INET6. 2000-04-02 03:49:25 +00:00
in_pcb.h
in_proto.c Clean up some loose ends in the network code, including the X.25 and ISO 2000-02-13 03:32:07 +00:00
in_rmx.c
in_systm.h
in_var.h
in.c Change struct sockaddr_storage member name, because following change 2000-01-13 14:52:53 +00:00
in.h Forbid include of some inet6 header files from wrong place 2000-02-10 19:33:58 +00:00
ip6.h Forbid include of some inet6 header files from wrong place 2000-02-10 19:33:58 +00:00
ip_auth.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_auth.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_compat.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_divert.c
ip_dummynet.c Forgot one line: don't try to match flags when looking for a flow. 2000-02-11 13:23:14 +00:00
ip_dummynet.h Support for stateful (dynamic) ipfw rules. They are very 2000-02-10 14:17:40 +00:00
ip_ecn.c
ip_ecn.h
ip_fil.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_fil.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_flow.c
ip_flow.h
ip_frag.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_frag.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_ftp_pxy.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_fw.c Fix reporting of src and dst IP addresses for ICMP and generic IP packets. 2000-03-14 14:11:53 +00:00
ip_fw.h Support for stateful (dynamic) ipfw rules. They are very 2000-02-10 14:17:40 +00:00
ip_icmp.c Mitigate the stream.c attacks 2000-01-28 06:13:09 +00:00
ip_icmp.h
ip_input.c Add support for offloading IP/TCP/UDP checksums to NIC hardware which 2000-03-27 19:14:27 +00:00
ip_log.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_mroute.c
ip_mroute.h
ip_nat.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_nat.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_output.c Move htons() ip_len to after the in_delayed_cksum() call. 2000-04-02 16:18:26 +00:00
ip_proxy.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_proxy.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_raudio_pxy.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_rcmd_pxy.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_state.c Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_state.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ip_var.h
ip.h
ipl.h Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine 2000-02-10 21:29:11 +00:00
ipprotosw.h
mlfk_ipl.c Bring over ipfilter v3_3_8 kernel sources, including merging the 2000-02-09 20:56:36 +00:00
raw_ip.c
tcp_debug.c Sorry in this just before code freeze commit. 2000-01-29 11:49:07 +00:00
tcp_debug.h Sorry in this just before code freeze commit. 2000-01-29 11:49:07 +00:00
tcp_fsm.h
tcp_input.c Support per socket based IPv4 mapped IPv6 addr enable/disable control. 2000-04-01 22:35:47 +00:00
tcp_output.c Add support for offloading IP/TCP/UDP checksums to NIC hardware which 2000-03-27 19:14:27 +00:00
tcp_reass.c Support per socket based IPv4 mapped IPv6 addr enable/disable control. 2000-04-01 22:35:47 +00:00
tcp_seq.h
tcp_subr.c Add support for offloading IP/TCP/UDP checksums to NIC hardware which 2000-03-27 19:14:27 +00:00
tcp_timer.c
tcp_timer.h
tcp_timewait.c Add support for offloading IP/TCP/UDP checksums to NIC hardware which 2000-03-27 19:14:27 +00:00
tcp_usrreq.c Support per socket based IPv4 mapped IPv6 addr enable/disable control. 2000-04-01 22:35:47 +00:00
tcp_var.h
tcp.h
tcpip.h
udp_usrreq.c Add support for offloading IP/TCP/UDP checksums to NIC hardware which 2000-03-27 19:14:27 +00:00
udp_var.h
udp.h