[4194] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Racer X)
Tue Aug 27 02:06:13 1996
Date: Tue, 27 Aug 1996 00:14:34 -0400 (EDT)
From: Racer X <shagboy@wspice.com>
Reply-To: shagboy@bluesky.net
To: Thomas Quinot <thomas@cuivre.fdn.fr>
cc: submit-linux-dev-net@ratatosk.yggdrasil.com
In-Reply-To: <4vqr8e$55c@melchior.cuivre.fdn.fr>
On 26 Aug 1996, Thomas Quinot wrote:
> Precisely, "should" (as per RFC1912, for example). "Should" is not
> "must"; consequently, accepting or denying connections based on the
> presence or absence of reverse mapping is a policy issue, and as such
> is very unlikely to be implemented in the kernel's TCP stack.
All we have to do is add a hook to allow the behavior to be changed to
suit. Before accepting any connection, the kernel checks to see if a
CHECK_REVERSE flag is set. If it's not, we don't care if we can reverse
them or not. The only time we set the flag is when we think there's a
SYN flood occurring, which can be checked for (and the flag changed by) a
userland daemon.
shag
Judd Bourgeois | When we are planning for posterity,
shagboy@bluesky.net | we ought to remember that virtue is
Finger for PGP key | not hereditary. Thomas Paine
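
An added example, not part of the original message or of any kernel code: the userland half of the scheme described above, which counts half-open (SYN_RECV) sockets in a /proc/net/tcp-style table and decides whether the proposed CHECK_REVERSE flag should be on. The table rows, the port numbers, the 3/1 thresholds and the function names are assumptions; how the flag would be handed to the kernel is left out because the message does not specify it.

```c
#include <stdio.h>
#include <string.h>
#define TCP_SYN_RECV 0x03   /* "st" value of a half-open connection */

/* Constructed sample in /proc/net/tcp layout (trailing columns omitted). */
static const char SAMPLE[] =
    "  sl  local_address rem_address   st\n"
    "   0: 00000000:0050 00000000:0000 0A\n"   /* LISTEN on port 80 */
    "   1: 0A000001:0050 C0000201:0401 03\n"
    "   2: 0A000001:0050 C0000202:0402 03\n"
    "   3: 0A000001:0050 C0000203:0403 03\n"
    "   4: 0A000001:0050 C6336407:C001 01\n"   /* ESTABLISHED */
    "   5: 0A000001:0016 C0000205:0405 03\n";  /* port 22, counted separately */

/* Count sockets on local_port that are sitting in SYN_RECV. */
int count_half_open(const char *table, unsigned local_port)
{
    int n = 0;
    while (*table) {
        char line[128];
        size_t len = strcspn(table, "\n");
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        unsigned port, state;
        memcpy(line, table, copy);
        line[copy] = '\0';
        /* The header and malformed rows fail the match and are skipped. */
        if (sscanf(line, " %*d: %*x:%x %*x:%*x %x", &port, &state) == 2 &&
            port == local_port && state == TCP_SYN_RECV)
            n++;
        table += len + (table[len] == '\n');
    }
    return n;
}

/* Desired CHECK_REVERSE value. Two thresholds (assumed values) give
 * hysteresis, so the flag does not flap around a single cut-off. */
int next_check_reverse(int current, int half_open, int high, int low)
{
    if (half_open >= high) return 1;   /* looks like a flood: turn on */
    if (half_open <= low)  return 0;   /* backlog drained: turn off */
    return current;                    /* in between: keep the last decision */
}

int main(void)
{
    int n = count_half_open(SAMPLE, 80);
    printf("half-open on :80 = %d, CHECK_REVERSE = %d\n", n, next_check_reverse(0, n, 3, 1));
    return 0;
}
```

A real daemon would read /proc/net/tcp on a timer and feed each count into next_check_reverse together with the previous flag value.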