Bugtraq mailing list archives

Re: netkill - generic remote DoS attack


From: green () FREEBSD ORG (Brian Fundakowski Feldman)
Date: Wed, 3 May 2000 20:39:03 -0400


On Wed, 3 May 2000, stanislav shalunov wrote:

> > You didn't test it against FreeBSD 4.0 or 5.0 did you?
>
> The document was written (and provided to FreeBSD team as well as
> others) in February, and I used 3.x.  I know that 4.0 has changed
> behavior to partially fix netkill, but since I didn't want to gather
> updates from other vendors I didn't mention status update for FreeBSD.

The code to prevent the machine from just giving up and panicking in an
mbuf starvation situation has been around a long time now.  The behavior
in 4.0 wasn't to "partially fix netkill"; it was to make the system
resilient to any mbuf-starvation attacks.

green       1999/12/11 21:52:51 PST

  Modified files:
    sys/conf             param.c
    sys/kern             uipc_mbuf.c uipc_socket.c uipc_syscalls.c
    sys/sys              mbuf.h
  Log:
  This is Bosko Milekic's mbuf allocation waiting code.  Basically, this
  means that running out of mbuf space isn't a panic anymore, and code
  which runs out of network memory will sleep to wait for it.

  Submitted by: Bosko Milekic <bmilekic () dsuper net>
  Reviewed by:  green, wollman

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green () FreeBSD org                    `------------------------------'


