=== pf syncookie support

Links: +
link:https://github.com/kprovost/freebsd-src/tree/modirum/pf-syncookie-cleanup[pf syncookies in-progress tree] URL: link:https://github.com/kprovost/freebsd-src/tree/modirum/pf-syncookie-cleanup[https://github.com/kprovost/freebsd-src/tree/modirum/pf-syncookie-cleanup]

Contact: Kristof Provost <kp@FreeBSD.org>

SYN cookies are a mechanism to resist SYN flood denial of service attacks.
The FreeBSD network stack has supported this since 2001.
However, this does not prevent such an attack from flooding the pf state table.

OpenBSD ported this mechanism from FreeBSD into their pf in 2018. This code is now being ported to FreeBSD's pf.

The work is still in progress, but the current version demonstrates the basic capability. Next steps include additional testing, extra automated test cases and implementing the adaptive mode.

The adaptive mode requires extra care in FreeBSD's pf, above what was done in OpenBSD, because of different locking strategies.

Sponsor: Modirum MDPay


We use cookies that are strictly necessary for sign-in and session management. With your consent, we use optional analytics cookies and first-party usage metrics to understand how the site is used. Embedded YouTube videos are not loaded until you choose to play them. Signed-in users can manage these preferences in Account settings; signed-out visitors can clear cookie choices from the footer.

Collaborative Calculation and Data Science

energyhub

colby

sagemath

Product

Resources

Company