From owner-freebsd-security  Wed Sep  1 21:32:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 9B42214CB0
	for <freebsd-security@FreeBSD.ORG>; Wed,  1 Sep 1999 21:32:12 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id AAA08736;
	Thu, 2 Sep 1999 00:31:35 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 2 Sep 1999 00:31:35 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199909020431.AAA08736@khavrinen.lcs.mit.edu>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: socket buffer limits (was: Re: FW: Local DoS in FreeBSD)
In-Reply-To: <199909020347.NAA23859@cheops.anu.edu.au>
References: <199909020335.XAA08433@khavrinen.lcs.mit.edu>
	<199909020347.NAA23859@cheops.anu.edu.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Thu, 2 Sep 1999 13:47:10 +1000 (EST), Darren Reed <avalon@coombs.anu.edu.au> said:

> How about failing setsockopt's when they try to increase buffer space
> if it would mean buffer space commitments would exceed a high water mark ?

That's no different from what I dismissed in my reply to Don.  We
don't want to restrict the potential TCP window a user may offer, just
how much actual kernel memory he may tie up at once.

> Also, what if mbufs are dropped and/or send/write fails (ENOBUFS) if there
> is nobody waiting to receive data and a high water mark has been reached ?

POLA violation for sure.  (TCP should be rewritten, however, to use
the receiver's advertised window for user push-back, but that's at
least a full-time person-year's worth of work to write, test, and
tune.  That would mean that loopback connections could only use one
window's-worth of kernel memory for buffering.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message