Subject: Re: Hello
To: suxm <suxm@gnuchina.org>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 04/14/2001 08:01:37

On Sat, Apr 14, 2001 at 03:37:08PM +0800, suxm wrote:

 > I want to use NetBSD as a firewall to resist SYN flood.
 > I have heard that NetBSD implements SYN cache to anti SYN flood.
 > Would anyone like to tell me more about SYN Cache of NetBSD?
 > Any word will be appreciated.

The NetBSD SYN cache only works as a way to protect NetBSD as an
endpoint of communication.  Basically, what it does is use a data
structure/code path that is lighter-weight than the traditional
TCP connection setup path.

The entire thing can be found in sys/netinet/tcp_input.c.  Look for
functions starting with "syn_cache".

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>
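
An added illustration of the lighter-weight structure described in the reply above (not part of the original message and not NetBSD's syn_cache code): a simplified, bounded cache of half-open connections in C. All names, the sizes, the hash and the oldest-first eviction policy are assumptions made for this sketch; SYN retransmissions and timers are left out.

```c
#include <stdint.h>
#define NBUCKETS     8   /* assumed sizes, kept small for the demo */
#define BUCKET_LIMIT 2

struct syn_entry {   /* compact half-open state, not a full connection block */
    uint32_t saddr, daddr;
    uint16_t sport, dport;
    uint32_t irs, iss, stamp;   /* peer ISN, our ISN, insertion order */
    int used;
};
static struct syn_entry cache[NBUCKETS][BUCKET_LIMIT];
static uint32_t tick;

static struct syn_entry *bucket_of(uint32_t sa, uint16_t sp) {
    return cache[(sa ^ (sa >> 16) ^ sp) % NBUCKETS];   /* toy, unkeyed hash */
}

/* Record a SYN; returns 1 if a full bucket's oldest entry was evicted. */
int syn_add(uint32_t sa, uint16_t sp, uint32_t da, uint16_t dp, uint32_t irs, uint32_t iss) {
    struct syn_entry *b = bucket_of(sa, sp), *slot = &b[0];
    int evicted = 1;
    for (int i = 0; i < BUCKET_LIMIT; i++) {
        if (!b[i].used) { slot = &b[i]; evicted = 0; break; }
        if (b[i].stamp < slot->stamp) slot = &b[i];
    }
    *slot = (struct syn_entry){ sa, da, sp, dp, irs, iss, ++tick, 1 };
    return evicted;
}

/* Match the final ACK; only then would full connection state be allocated. */
int syn_complete(uint32_t sa, uint16_t sp, uint32_t da, uint16_t dp, uint32_t seq, uint32_t ack) {
    struct syn_entry *b = bucket_of(sa, sp);
    for (int i = 0; i < BUCKET_LIMIT; i++)
        if (b[i].used && b[i].saddr == sa && b[i].sport == sp && b[i].daddr == da &&
            b[i].dport == dp && seq == b[i].irs + 1 && ack == b[i].iss + 1) { b[i].used = 0; return 1; }
    return 0;
}

int syn_count(void) {   /* half-open entries currently held */
    int n = 0;
    for (int i = 0; i < NBUCKETS; i++) for (int j = 0; j < BUCKET_LIMIT; j++) n += cache[i][j].used;
    return n;
}

int flood_demo(uint32_t n) {   /* constructed flood: n SYNs that never complete */
    for (uint32_t i = 0; i < n; i++) syn_add(0xc0000200u + i, 1234, 0x0a0000feu, 80, i, 7 * i);
    return syn_count();
}

int main(void) { return flood_demo(1000) == NBUCKETS * BUCKET_LIMIT ? 0 : 1; }
```

However many SYNs arrive, the state held stays at NBUCKETS * BUCKET_LIMIT small entries; the cost is that a legitimate half-open entry can be evicted while its bucket is under pressure.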