Re: syn cache hash size sysctl

2016-07-19 Thread Joerg Jung
> On 19.07.2016 at 23:16, Alexander Bluhm wrote:
>
>> On Tue, Jul 19, 2016 at 09:48:19PM +0100, Jason McIntyre wrote:
>> oh oh. i should have been clearer: they are sorted in sysctl(3), but in
>> sysctl(8) they are merely listed in the order that running "sysctl"
>>

Re: syn cache hash size sysctl

2016-07-19 Thread Alexander Bluhm
On Tue, Jul 19, 2016 at 09:48:19PM +0100, Jason McIntyre wrote:
> oh oh. i should have been clearer: they are sorted in sysctl(3), but in
> sysctl(8) they are merely listed in the order that running "sysctl"
> dumps them. so no sort necessary for sysctl(8).

So now sysctl(8) has all net.inet.tcp

Re: syn cache hash size sysctl

2016-07-19 Thread Claudio Jeker
On Tue, Jul 19, 2016 at 10:40:14PM +0200, Alexander Bluhm wrote:
> On Tue, Jul 19, 2016 at 09:19:25PM +0100, Jason McIntyre wrote:
> > On Tue, Jul 19, 2016 at 10:09:47PM +0200, Alexander Bluhm wrote:
> > > On Tue, Jul 19, 2016 at 08:55:58PM +0200, Joerg Jung wrote:
> > > > Please, also document

Re: syn cache hash size sysctl

2016-07-19 Thread Alexander Bluhm
On Tue, Jul 19, 2016 at 09:19:25PM +0100, Jason McIntyre wrote:
> On Tue, Jul 19, 2016 at 10:09:47PM +0200, Alexander Bluhm wrote:
> > On Tue, Jul 19, 2016 at 08:55:58PM +0200, Joerg Jung wrote:
> > > Please, also document it, at least in sysctl(8).

Next try, with input from jmc@

bluhm

Index:

Re: syn cache hash size sysctl

2016-07-19 Thread Alexander Bluhm
On Tue, Jul 19, 2016 at 08:55:58PM +0200, Joerg Jung wrote:
> Please, also document it, at least in sysctl(8).

like this?

bluhm

Index: lib/libc/gen/sysctl.3 === RCS file: /data/mirror/openbsd/cvs/src/lib/libc/gen/sysctl.3,v

Re: syn cache hash size sysctl

2016-07-19 Thread Joerg Jung
On Tue, Jul 19, 2016 at 06:13:42PM +0200, Alexander Bluhm wrote:
> Hi,
>
> claudio@ suggested to have a tunable size for the syn cache hash
> array. As we are swapping between two syn caches for random reseeding
> anyway, this feature can be added easily. When the cache is empty,
> we can

syn cache hash size sysctl

2016-07-19 Thread Alexander Bluhm
Hi, claudio@ suggested to have a tunable size for the syn cache hash array. As we are swapping between two syn caches for random reseeding anyway, this feature can be added easily. When the cache is empty, we can change the hash size. This allows an admin under SYN flood attack to tune his