diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2021-05-20 09:54:41 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2021-07-27 07:42:25 +0000 |
| commit | c3d03672e119df47a43014a212d65983ae2cf230 (patch) | |
| tree | 5f3ebd13949aec207a2d05c1c39191a5103dba01 /sys/modules | |
| parent | 0df576d98e15bbafa73522a099bf0f34990496b4 (diff) | |
| download | src-c3d03672e119df47a43014a212d65983ae2cf230.tar.gz src-c3d03672e119df47a43014a212d65983ae2cf230.zip | |
pf: syncookie support
Import OpenBSD's syncookie support for pf. This feature help pf resist
TCP SYN floods by only creating states once the remote host completes
the TCP handshake rather than when the initial SYN packet is received.
This is accomplished by using the initial sequence numbers to encode a
cookie (hence the name) in the SYN+ACK response and verifying this on
receipt of the client ACK.
Reviewed by: kbowling
Obtained from: OpenBSD
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D31138
(cherry picked from commit 8e1864ed07121b479b95d7e3a5931a9e0ffd4713)
Diffstat (limited to 'sys/modules')
| -rw-r--r-- | sys/modules/pf/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/modules/pf/Makefile b/sys/modules/pf/Makefile index 7293b30cda9d..d361ea0802fb 100644 --- a/sys/modules/pf/Makefile +++ b/sys/modules/pf/Makefile @@ -4,7 +4,7 @@ KMOD= pf SRCS= pf.c pf_if.c pf_lb.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \ - pf_ruleset.c pf_nv.c in4_cksum.c \ + pf_ruleset.c pf_nv.c pf_syncookies.c in4_cksum.c \ bus_if.h device_if.h \ opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_sctp.h opt_global.h |