Solved FreeBSD 11 Commit Log - kernel routing cache

Hi

It has been recommended practice to tune the kernel routing cache on FreeBSD for a while to be more resistant to certain types of DDoS attacks. This advice is even offered on some official FreeBSD pages.

But the relevant sysctls are removed in FreeBSD 11. I cannot find any information as to why. I am aware it could be that the stack is now hardened so that they are no longer needed, or perhaps there is no longer a kernel route cache at all, but of course it could also be that they got deleted because developers got sick of maintaining the code.

Has anyone got an idea of why they are gone? The relevant sysctls are here.

Code:
net.inet.ip.rtmaxcache
net.inet.ip.rtexpire
net.inet.ip.rtminexpire
 
Specific questions regarding changes or commits are probably best asked on the mailing lists. Unfortunately there aren't a lot of FreeBSD developers on this board so your question may remain unanswered.
 
is good, usdmatt found the commit for me.

Whilst it does not fully answer the question, I do now have a good idea why it was done. As I understand it, basically the kernel routing cache no longer gets used much, so a code cleanup was carried out.
 