lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 11 Jan 2016 13:08:56 -0500
From:	Vlad Yasevich <vyasevich@...il.com>
To:	Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	David Miller <davem@...emloft.net>, eric.dumazet@...il.com,
	lucien.xin@...il.com, netdev@...r.kernel.org,
	linux-sctp@...r.kernel.org, mleitner@...hat.com,
	vyasevic@...hat.com, daniel@...earbox.net
Subject: Re: [PATCH net-next 1/5] sctp: add the rhashtable apis for sctp
 global transport hashtable

On 01/11/2016 11:33 AM, Marcelo Ricardo Leitner wrote:
> On Mon, Jan 11, 2016 at 05:32:10PM +0800, Herbert Xu wrote:
>> David Miller <davem@...emloft.net> wrote:
>>> From: Eric Dumazet <eric.dumazet@...il.com>
>>> Date: Wed, 30 Dec 2015 11:57:31 -0500
>>>
>>>> I am against using rhashtable in SCTP (or TCP) at this stage, given the
>>>> number of bugs we have with it.
>>>
>>> Come on Eric, we've largely dealt with all of these problems.  I haven't
>>> seen a serious report in a while.
>>
>> Well there is still the outstanding issue with softirq insertion
>> potentially failing with ENOMEM if we fail to expand the hash
>> table using just kmalloc.
>>
>> So if the target user does softirq insertions, I would wait until
>> the fix for that is ready.
> 
> It does some, yes. If listening socket is not backlogged, there will be
> N inserts at each new association, where N is the number of IP addresses
> that the client is advertising.
> 
> This is done on the second stage of the SCTP handshake. Not easily
> DoS-able as it requires receiving a packet from server and replying
> based on it, plus N is limited by MTU.

How is N limited by MTU?  INIT and COOKIE chunks are allowed to exceed
mtu and will be IP fragmented.  So it seems that N is limited by 65535-overhead,
where overhead is all the headers plus the sctp cookie info.  That can
be quite a lot of addresses.

-vlad

> 
> AFAIK Xin's stress tests couldn't hit this situation of ENOMEM, btw.
> 
> Thanks,
> Marcelo
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ