From ef2b805fcf8e2a88d9f4131ed1b7635bf6852d92 Mon Sep 17 00:00:00 2001 From: "Bruce A. Mah" Date: Mon, 26 Nov 2001 20:06:25 +0000 Subject: [PATCH] New release note: TCP syncache. --- release/doc/en_US.ISO8859-1/relnotes/article.sgml | 9 +++++++++ release/doc/en_US.ISO8859-1/relnotes/common/new.sgml | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index a63829cd6b8..0e5e3da2a0e 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -708,6 +708,15 @@ net.inet.tcp.strict_rfc1948 and net.inet.tcp.isn_reseed_interval sysctl variables. &merged; + + The TCP implementation in &os; now implements a cache of + outstanding, received SYN segments. Incoming SYN segments now + cause entries to be placed in the cache until the TCP three-way + handshake is complete, at which point, memory is allocated for + the connection as usual. This so-called + syncache makes a host much more resistant to + TCP-based Denial of Service attacks. Work on this feature was + sponsored by DARPA and NAI Labs. diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index a63829cd6b8..0e5e3da2a0e 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -708,6 +708,15 @@ net.inet.tcp.strict_rfc1948 and net.inet.tcp.isn_reseed_interval sysctl variables. &merged; + + The TCP implementation in &os; now implements a cache of + outstanding, received SYN segments. Incoming SYN segments now + cause entries to be placed in the cache until the TCP three-way + handshake is complete, at which point, memory is allocated for + the connection as usual. This so-called + syncache makes a host much more resistant to + TCP-based Denial of Service attacks. Work on this feature was + sponsored by DARPA and NAI Labs.