FreeBSD 9.0 release Syn flood

[seyit]

Hi,

I just install FreeBSD 9.0-RELEASE. While I try SYN flood from single IP, CPU load %100 and starting latency, also packet loss.

bsd# netstat -n | grep SYN_RCVD | wc -l
    4308

I configured /etc/sysctl.conf

net.inet.tcp.syncookies: 1

but nothing happens. Also in syncookie:1 more latency then syncookie:0. It was working when I used FreeBSD 8.2.

Is there any problem? In 9.0-RELEASE?

 

[darkmark]

Some, perhaps obvious, questions:

EDIT: the format of your sysctl.conf (at least as posted above) is wrong it should be:

name=value

e.g.:

net.inet.tcp.syncookies_only=1
net.inet.tcp.syncookies=1

• Does your synflood tool support syncookies? Which tool are you using?
• Did you reboot after dumping that into sysctl.conf? Did you set the sysctl directly?
• Do you have any kernel messages during the synflood?

 

[seyit]

- I use hping3 like [cmd=]hping3 -S x.x.x.x -p 80 --flood[/cmd] on tcp port 80 running web server.
- here is my sysctl.conf:

bsd# sysctl -a | grep syncookie
net.inet.tcp.syncookies_only: 1
net.inet.tcp.syncookies: 1

- no not any message.. Just 1 core using %100 and packet loss.

1 more question: for the NIC card, how can I use more than 1 core? If I set up to use more core for NIC card. It would be great maybe no packet loss.

 

[darkmark]

You're correct in that this should work just fine. And a quick test on my webserver shows syncookies working correctly (bge driver 10-current r228438 with lighttpd).

There have been some, seemingly minor changes between 9.0-release and 9-stable in netinet but a quick look doesn't show anything syncookie related.