Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
348 views
in Technique[技术] by (71.8m points)

security - BPF: Dealing with full hash table for storing SYN cookie answers and whitelisting clients

I have implemented a BPF kernel program that acts as a kind of SYN proxy to deal with SYN floods. But it does is storing a cookie when a SYN from a client comes in, hashing it's IP and port into a BPF MAP. When the client replies correctly, it's hash is added to the whitelist, and next packets go straight to the server.

My problem is that maps in BPF can't be resized at runtime, so I need to find a way to reutilize slots in the map. So far, what I did was to change the map to an array and then use t hash of the user and use the % modulo operator with the size of the array, to find a slot in such array that the client will use. The problem with that is under an attack there are many overlaps of the index, and some of the attacking IPs happen to be in the whitelist according to the hash, so they get through the server.

I was hoping to start a discussion here about how this could be done in a more efficient way.

Thanks.

question from:https://stackoverflow.com/questions/65853008/bpf-dealing-with-full-hash-table-for-storing-syn-cookie-answers-and-whitelistin

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...