From owner-svn-src-all@FreeBSD.ORG Thu Apr 2 14:20:20 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3315E1ED; Thu, 2 Apr 2015 14:20:20 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebius.int.ru", Issuer "cell.glebius.int.ru" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id ABFA0B6B; Thu, 2 Apr 2015 14:20:19 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.9/8.14.9) with ESMTP id t32EKHsm066440 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 2 Apr 2015 17:20:17 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.9/8.14.9/Submit) id t32EKHAM066439; Thu, 2 Apr 2015 17:20:17 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Thu, 2 Apr 2015 17:20:17 +0300 From: Gleb Smirnoff To: Ian Lepore Subject: Re: svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf Message-ID: <20150402142017.GH64665@FreeBSD.org> References: <201504012226.t31MQedN044443@svn.freebsd.org> <1427929676.82583.103.camel@freebsd.org> <20150402123522.GC64665@FreeBSD.org> <1427982787.82583.111.camel@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1427982787.82583.111.camel@freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Apr 2015 14:20:20 -0000 On Thu, Apr 02, 2015 at 07:53:07AM -0600, Ian Lepore wrote: I> Discussed, but not really resolved, or even reasonably addressed. I> I> But I guess if you think it's done, more words at this point aren't I> going to make you see the problems clearly enough to make the required I> changes. I didn't see arguments that would prove the following assertions wrong. 1) There is legitimate case of IP ID reuse withing datagram lifetime, that happens due to overflow of uint16_t. Its probability is X. 2) There is a case of IP ID reuse due to migration between counter_u64_add() and memory fetch. Its probability is Y. 3) Y << X 4) Fixing X is impossible. 5) Fixing Y requires additional computing resources per packet. 6) Due to X being considerably high, the modern Internet has learnt to cope with the problem. >From this assertions I estimate that speaking of Y: (probability * risk cost) < countermeasures cost Please prove wrong my assertions, or the conclusion. P.S. Note that up to this week we had ip_id++ code, which was extremele prone to quick ID reuse. And no one (except Emeric of StormShield) was so worried about the case. But as soon as I made it per-CPU, together with disabling the code for 99% packets (thanks RFC6864), some people got extremely concerned by the possible reuse in the per-CPU case. -- Totus tuus, Glebius.