Date:	Tue, 12 Aug 2014 10:03:53 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	netdev@...r.kernel.org, Florian Westphal <fw@...len.de>
Subject: Re: [PATCH net] tcp: don't allow syn packets without timestamps to pass
 tcp_tw_recycle logic

On Tue, Aug 12, 2014, at 03:32, Eric Dumazet wrote:
> On Tue, 2014-08-12 at 02:21 +0200, Hannes Frederic Sowa wrote:
> > If tw_recycle is enabled, non-timestamped SYN packets could get past
> > the tw_recycle check and create a new connection. This is dangerous
> > as we cannot verify that segments from an old connection won't be
> > accepted by the new one in tcp_validate_incoming because of the missing
> > timestamps. Note that Windows seems to have timestamps disabled by
> > default. Thus this broken situation could easily arise by a Linux and
> > Windows box sharing one IP address and talking to a tcp_tw_recycle
> > enabled server.
> > 
> > We don't change the behavior regarding how many SYNs we queue up from
> > non timestamping hosts (the second tcp_peer_is_proven check), because the
> > second call to tcp_peer_is_proven does not use the new boolean timestamp
> > argument at all because PAWS check is disabled.
> > 
> > Cc: Florian Westphal <fw@...len.de>
> > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> > ---
> 
> Not sure what you try to achieve here.
>
> tw_recycle can only be used in very controlled environment, no NAT, and
> all hosts using timestamps.
> 
> If using NAT, then tw_recycle can not be used, even if all hosts are
> linux boxes with timestamps enabled.

Mostly me being pessimistic. ;)

I noticed that tw_recycle nonetheless tries to cope with the fact that
sometimes non-timestamped SYNs arrive. E.g. the scheduling of the
time-wait timeout happens for only RTO in case the host saw
timestamps on the connection, otherwise normal TIMEWAIT_MSL applies.

So I wanted to stop "illegal" connection setups and trade that against
possible data corruption in case someone switches this knob on in an
uncontrolled environment.

Bye,
Hannes
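
The gap discussed in this thread, as a simplified model added here (not kernel code and not the patch from this thread): a per-address timestamp cache checks timestamped SYNs, while a SYN without the option skips the check. All struct and function names are hypothetical, `accept_syn_strict` is an assumed reading of the patch's intent, and the two constants mirror the kernel's TCP_PAWS_MSL and TCP_PAWS_WINDOW.

```c
#include <stdbool.h>
#include <stdint.h>

#define PAWS_MSL    60  /* seconds a cached peer timestamp stays relevant */
#define PAWS_WINDOW 1   /* tolerated backwards step in the timestamp value */

/* Per-source-address cache entry (model of what the server remembers). */
struct peer {
    bool     valid;     /* a timestamp was cached for this address */
    uint32_t ts;        /* last TSval seen from this address */
    uint32_t stamp;     /* server clock in seconds when it was cached */
};

/* A SYN as seen by the model. */
struct syn {
    bool     saw_tstamp; /* TCP timestamp option present */
    uint32_t tsval;
};

/* PAWS-style comparison against the cached peer timestamp. */
static bool paws_ok(const struct peer *p, const struct syn *s, uint32_t now)
{
    if (!p->valid || now - p->stamp >= PAWS_MSL)
        return true;                    /* nothing recent to compare with */
    return (int32_t)(p->ts - s->tsval) <= PAWS_WINDOW;
}

/* Behaviour described in the thread: only timestamped SYNs are checked. */
bool accept_syn_current(const struct peer *p, const struct syn *s, uint32_t now)
{
    if (s->saw_tstamp)
        return paws_ok(p, s, now);
    return true;                        /* non-timestamped SYN gets past */
}

/* Assumed stricter variant: without a timestamp the SYN is refused while
 * a recently cached timestamp exists for the same source address. */
bool accept_syn_strict(const struct peer *p, const struct syn *s, uint32_t now)
{
    if (!s->saw_tstamp)
        return !p->valid || now - p->stamp >= PAWS_MSL;
    return paws_ok(p, s, now);
}
```

With a constructed cache entry for one shared address, the model refuses a timestamped SYN whose TSval runs behind the cached one, while the non-timestamped SYN is accepted by the first function and refused by the second until the cache entry ages out.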