From owner-freebsd-net@freebsd.org Thu Jul 9 15:42:05 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E1D4936EA4C for ; Thu, 9 Jul 2020 15:42:05 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from drew.franken.de (mail-n.franken.de [193.175.24.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.franken.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B2gQj5Bwfz4Bb7; Thu, 9 Jul 2020 15:42:05 +0000 (UTC) (envelope-from tuexen@freebsd.org) Received: from [IPv6:2a02:8109:1140:c3d:8586:b984:b3df:b4f] (unknown [IPv6:2a02:8109:1140:c3d:8586:b984:b3df:b4f]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTPSA id 064ED7220C6D5; Thu, 9 Jul 2020 17:42:00 +0200 (CEST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: making SCTP loadable and removing it from GENERIC From: Michael Tuexen In-Reply-To: <20200709151300.GC8947@raichu> Date: Thu, 9 Jul 2020 17:41:59 +0200 Cc: freebsd-net@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: References: <20200709151300.GC8947@raichu> To: Mark Johnston X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de X-Rspamd-Queue-Id: 4B2gQj5Bwfz4Bb7 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:680, ipnet:193.174.0.0/15, country:DE]; local_wl_from(0.00)[freebsd.org] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2020 15:42:05 -0000 > On 9. Jul 2020, at 17:13, Mark Johnston wrote: > > Hi, > > I spent some time working on making it possible to load the SCTP stack > as a kernel module, the same as we do today with IPSec. There is one > patch remaining to be committed before that can be done in head. One > caveat is that the module can't be unloaded, as some work is needed to > make this safe. However, this obviously isn't a regression. > > The work is based on the observations that: > 1) the in-kernel SCTP stack is not widely used (I know that the same > code is used in some userland applications), and > 2) the SCTP stack is quite large, most FreeBSD kernel developers are > unfamiliar with it, and bugs in it can easily lead to security holes. > > Michael has done a lot of work to fix issues in the SCTP code, > particularly those found by syzkaller, but given that in-kernel SCTP has > few users (almost certainly fewer than IPSec), it seems reasonable to > require users to opt in to having an SCTP stack with a simple "kldload > sctp". Thus, once the last patch is committed I would like to propose > removing "options SCTP" from GENERIC kernel configs in head, replacing > it with "options SCTP_SUPPORT" to enable sctp.ko to be loaded. > > I am wondering if anyone has any objections to or concerns about this > proposal. Any feedback is appreciated. Hi Mark, maybe it is acceptable to document user visible changes. This could include * parameter tunings in /etc/sysctl.conf are only applied if the SCTP module is loaded from /etc/loader.conf. * If the module is not loaded yet, a user must have root privileges to run a program using SCTP sockets. Best regards Michael