On 20 Jul 2021, at 12:40, Dmitry Chagin wrote:
On Tue, Jul 20, 2021 at 08:36:54AM +0000, Kristof Provost wrote:
The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=8e1864ed07121b479b95d7e3a5931a9e0ffd4713
commit 8e1864ed07121b479b95d7e3a5931a9e0ffd4713
Author: Kristof Provost <[email protected]>
AuthorDate: 2021-05-20 09:54:41 +0000
Commit: Kristof Provost <[email protected]>
CommitDate: 2021-07-20 08:36:13 +0000
pf: syncookie support
Import OpenBSD's syncookie support for pf. This feature help pf
resist
TCP SYN floods by only creating states once the remote host
completes
the TCP handshake rather than when the initial SYN packet is
received.
This is accomplished by using the initial sequence numbers to
encode a
cookie (hence the name) in the SYN+ACK response and verifying
this on
receipt of the client ACK.
Reviewed by: kbowling
Obtained from: OpenBSD
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D31138
NOINET6 build fails
LINT did too. It should be fixed in
b972a7fa9e1e01367435a5699b71cc7b5e494fee
Best regards,
Kristof
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "[email protected]"
