| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1267409328.23196.37.camel@debian> Date: Mon, 01 Mar 2010 10:08:48 +0800 From: Zhu Yi <yi.zhu@...el.com> To: David Miller <davem@...emloft.net> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "eric.dumazet@...il.com" <eric.dumazet@...il.com> Subject: Re: [PATCH V2] net: add accounting for socket backlog On Fri, 2010-02-26 at 20:05 +0800, David Miller wrote: > So remind me why TCP, or any other non-UDP protocol, won't > intrinsically have this problem too? If TCP ACKs are not received, the (closed) remote window prevents the TCP sender to send more frames. > It seems pretty trivial to do with any protocol, especially remotely, > with a packet generator. The code in TCP, for example, which queues > to the backlog, doesn't care about sequence numbers or anything like > that. > > So you could spray a machine with the same TCP frame over and over > again, as fast as possible, as long as it matches the socket identity. > > And in this way fill up the backlog endlessly and OOM the system. Yeah, I only considered about the normal case, that is the TCP frames are built and managed in the kernel. If a user does frame generation himself, yes, the same problem could happen potentially for all protocols using backlog. Thanks, -yi -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists