Date: Tue, 12 Aug 2014 10:03:53 +0200
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: netdev@...r.kernel.org, Florian Westphal <fw@...len.de>
Subject: Re: [PATCH net] tcp: don't allow syn packets without timestamps to pass tcp_tw_recycle logic

On Tue, Aug 12, 2014, at 03:32, Eric Dumazet wrote:
> On Tue, 2014-08-12 at 02:21 +0200, Hannes Frederic Sowa wrote:
> > If tw_recycle is enabled, non-timestamped SYN packets could get past
> > the tw_recycle check and create a new connection. This is dangerous
> > as we cannot verify that segments from an old connection won't be
> > accepted by the new one in tcp_validate_incoming because of the missing
> > timestamps. Note that Windows seems to have timestamps disabled by
> > default. Thus this broken situation could easily arise by a Linux and
> > Windows box sharing one IP address and talking to a tcp_tw_recycle
> > enabled server.
> >
> > We don't change the behavior regarding how many SYNs we queue up from
> > non timestamping hosts (the second tcp_peer_is_proven check), because the
> > second call to tcp_peer_is_proven does not use the new boolean timestamp
> > argument at all because PAWS check is disabled.
> >
> > Cc: Florian Westphal <fw@...len.de>
> > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> > ---
>
> Not sure what you try to achieve here.
>
> tw_recycle can only be used in very controlled environment, no NAT, and
> all hosts using timestamps.
>
> If using NAT, then tw_recycle can not be used, even if all hosts are
> linux boxes with timestamps enabled.

Mostly me being pessimistic. ;)

I noticed that tw_recycle nonetheless tries to cope with the fact that
sometimes non-timestamped SYNs arrive. E.g. the scheduling of the
time-wait timeout happens for only RTO in case the host saw timestamps
on the connection, otherwise normal TIMEWAIT_MSL applies.

So I wanted to stop "illegal" connection setups and trade that against
possible data corruption in case someone switches this knob on in a not
controlled environment.

Bye,
Hannes