
Re: Synproxy broken on latest snapshots?



Patch fixed it.
Now another question: before the patch synproxy worked, kinda, with a
bridge.  It would take 3-5 seconds to open the session, but it was
blocking a synflood with 20% CPU used by interrupts (P3 1GHz).  It
only "worked" with a bridge though.  States were limited to 250,000
and it would use all of them given enough time.  Right now with the
same flood, interrupts are eating 75-80% CPU and my state table is much
smaller, 20-25,000.
My early numbers are from a snapshot a few weeks ago; the newest figures are
from -current + the patch from a few hours ago.
I know synproxy was not working properly before, but why the huge
increase in interrupt processing?  It's about a 30,000 packets/second
flood, originating locally on another router interface.
Another thing: I see some TCP connections being handed off to the
server behind the bridge.  Since it's a spoofed syn-flood that I
started, none of the "client" IPs should respond, right?  Is it just
poorly configured devices on those IPs?
tcp        0      0 216.15.185.10:80        17.185.163.20:1004      ESTABLISHED
tcp        0      0 216.15.185.10:80        63.162.105.196:1513     ESTABLISHED
tcp        0      0 216.15.185.10:80        129.118.156.149:2447    ESTABLISHED
Oddly none of those IPs are shown with a pfctl -ss
Thanks,
Kevin
On Thu, 1 Jul 2004 20:39:28 +0200, Daniel Hartmeier
<[email protected]> wrote:
> 
> On Wed, Jun 30, 2004 at 04:47:00PM -0500, Kevin wrote:
> 
> > Unable to get synproxy working using snapshot dated June 28,
> > previously was using one from about 2 weeks ago which also did not
> > work.
> 
> Can you try the patch in
> 
>   http://www.benzedrine.cx/pf/msg04725.html
> 
> and tell me whether it affects/fixes the problem? I've never gotten any
> feedback on that.
> 
> Daniel
>
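A defender's cross-check for the mismatch noted in the post above (sockets ESTABLISHED on the server but absent from `pfctl -ss`), added here as an example and not part of the original thread. The `pfctl -ss` line layout is assumed to be "interface proto dst <- src state:state" (inbound, no NAT); the sample lines are constructed, reusing the three netstat rows from the post.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample: the three rows from the post plus one connection
# that pf does know about, so the diff has something to keep.
NETSTAT_SAMPLE = """\
tcp        0      0 216.15.185.10:80        17.185.163.20:1004      ESTABLISHED
tcp        0      0 216.15.185.10:80        63.162.105.196:1513     ESTABLISHED
tcp        0      0 216.15.185.10:80        129.118.156.149:2447    ESTABLISHED
tcp        0      0 216.15.185.10:22        10.0.0.5:40001          ESTABLISHED
"""

# Constructed pfctl -ss sample; layout assumed: "<if> <proto> <dst> <- <src> <state>:<state>".
# Synproxy handshakes in progress show up with PROXY states rather than ESTABLISHED.
PFCTL_SAMPLE = """\
all tcp 216.15.185.10:22 <- 10.0.0.5:40001       ESTABLISHED:ESTABLISHED
all tcp 216.15.185.10:80 <- 198.51.100.7:5555    PROXY:DST
"""

Endpoint = Tuple[str, str]  # (server "ip:port", peer "ip:port")


def parse_netstat(text: str) -> Set[Endpoint]:
    """Return (local, remote) pairs for ESTABLISHED TCP rows of `netstat -an`."""
    pairs: Set[Endpoint] = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "ESTABLISHED":
            pairs.add((f[3], f[4]))
    return pairs


def parse_pf_states(text: str) -> Dict[Endpoint, str]:
    """Map (local, remote) -> pf state string for TCP entries of `pfctl -ss`.
    Both arrow forms list the protected host first, so no swap is needed."""
    states: Dict[Endpoint, str] = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[1] == "tcp" and f[3] in ("<-", "->"):
            states[(f[2], f[4])] = f[-1]
    return states


def connections_missing_from_pf(netstat_text: str, pf_text: str) -> List[Endpoint]:
    """Sockets the server sees as ESTABLISHED with no pf state at all: traffic that
    bypassed the filter (e.g. a bridge leg pf is not filtering) or a stale socket."""
    return sorted(parse_netstat(netstat_text) - set(parse_pf_states(pf_text)))


def count_states(pf_text: str) -> Dict[str, int]:
    """Tally pf TCP states by state string, e.g. to watch PROXY:* grow under a flood."""
    counts: Dict[str, int] = {}
    for state in parse_pf_states(pf_text).values():
        counts[state] = counts.get(state, 0) + 1
    return counts
```

Run against real output by feeding the captured text of `netstat -an` from the server and `pfctl -ss` from the firewall into `connections_missing_from_pf`.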