Re: Synproxy broken on latest snapshots?
Patch fixed it.
Now another question, before patch synproxy worked, kinda, with a
bridge. It would take 3-5 seconds to open the session, but it was
blocking a synflood with 20% CPU used by interrupts (P3 1Ghz). It
only "worked" with a bridge though. States were limited to 250,000
and it would use all of them given enough time. Right now with the
same flood interrupts are eating 75-80% CPU and my state table is much
My early numbers are from a snapshot from a few weeks ago; the newest figures are
from -current + the patch from a few hours ago.
I know synproxy was not working properly before, but why the huge
increase in interrupt processing? It's about a 30,000 packets/second
flood, originating locally on another router interface.
Another thing, I see some TCP connections being handed off to the
server behind the bridge. Since it's a spoofed syn-flood that I
started, none of the "client" IPs should respond, right? Is it just
poorly configured devices on those IPs?
tcp 0 0 18.104.22.168:80 22.214.171.124:1004 ESTABLISHED
tcp 0 0 126.96.36.199:80 188.8.131.52:1513 ESTABLISHED
tcp 0 0 184.108.40.206:80 220.127.116.11:2447 ESTABLISHED
Oddly, none of those IPs are shown with a pfctl -ss.
On Thu, 1 Jul 2004 20:39:28 +0200, Daniel Hartmeier
<[email protected]> wrote:
> On Wed, Jun 30, 2004 at 04:47:00PM -0500, Kevin wrote:
> > Unable to get synproxy working using snapshot dated June 28,
> > previously was using one from about 2 weeks ago which also did not
> > work.
> Can you try the patch in
> and tell me whether it affects/fixes the problem? I've never gotten any
> feedback on that.