From: Gary Jennejohn
To: Alexander Leidinger
Cc: Randall Stewart, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: fce03f85c5bf - main - TCP can be subject to Sack Attacks lets fix this issue.
Date: Mon, 6 May 2024 11:11:36 +0000
Message-ID: <20240506131136.1bcf87f9@ernst.home>
In-Reply-To: <97c2eddd682d7347b0d26c0f042401bb@Leidinger.net>

On Mon, 06 May 2024 09:27:31 +0200 Alexander Leidinger wrote:

> On 2024-05-05 15:10, Randall Stewart wrote:
> > The branch main has been updated by rrs:
> >
> > URL:
> > https://cgit.FreeBSD.org/src/commit/?id=fce03f85c5bfc0d73fb5c43ac1affad73efab11a
> >
> > commit fce03f85c5bfc0d73fb5c43ac1affad73efab11a
> > Author: Randall Stewart
> > AuthorDate: 2024-05-05 13:08:47 +0000
> > Commit: Randall Stewart
> > CommitDate: 2024-05-05 13:08:47 +0000
> >
> > TCP can be subject to Sack Attacks lets fix this issue.
> >
> > There is a type of attack that a TCP peer can launch on a
> > connection. This is for sure in Rack or BBR and probably even the
> > default stack if it uses lists in sack processing. The idea of the
> > attack is that the attacker is driving you to look at 100's of sack
> > blocks that only update 1 byte. So for example if you have 1 - 10,000
> > bytes outstanding the attacker sends in something like:
> >
> > ACK 0 SACK(1-512) SACK(1024 - 1536), SACK(2048-2536), SACK(4096 - 4608), SACK(8192-8704)
> > This first sack looks fine but then the attacker sends
> >
> > ACK 0 SACK(1-512) SACK(1025 - 1537), SACK(2049-2537), SACK(4097 - 4609), SACK(8193-8705)
> > ACK 0 SACK(1-512) SACK(1027 - 1539), SACK(2051-2539), SACK(4099 - 4611), SACK(8195-8707)
> > ...
> > These blocks are making you hunt across your linked list and split
> > things up so that you have an entry for every other byte. As your list
> > grows you spend more and more CPU running through the lists. The idea
> > here is the attacker chooses entries as far apart as possible that make
> > you run through the list. This example is small but in theory if the
> > window is open to say 1Meg you could end up with 100's of thousands
> > link list entries.
>
> Would it make sense to use a tree list (generic example:
> https://commons.apache.org/proper/commons-collections/apidocs/org/apache/commons/collections4/list/TreeList.html)
> instead of a linked list, in addition to or independently of what you committed?
>
> > diff --git a/sys/netinet/tcp_stacks/sack_filter.c > > b/sys/netinet/tcp_stacks/sack_filter.c > > index e82fcee2ffac..fc9ee8454a1e 100644 > > --- a/sys/netinet/tcp_stacks/sack_filter.c > > +++ b/sys/netinet/tcp_stacks/sack_filter.c > > > #ifndef _KERNEL > > + > > +static u_int tcp_fixed_maxseg(const struct tcpcb *tp) > > +{ > > + /* Lets pretend their are timestamps on for user space */ > > + return (tp->t_maxseg - 12); > > +}
> >
> Typo in the comment?
>

Yes. Should be Let's as a contraction of Let us.

-- 
Gary Jennejohn
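
Review bot: In the #ifndef _KERNEL stub tcp_fixed_maxseg(), "return (tp->t_maxseg - 12);" has no lower bound and the result is returned as u_int, so a t_maxseg below 12 in a user-space test would come back as a very large segment size rather than a small one. Clamp the value or assert that t_maxseg exceeds 12 before subtracting, and replace the bare 12 with a named constant or have the comment state what the 12 stands for (presumably the timestamp option overhead the comment alludes to). The comment's "Lets ... their are" should read "Let's ... there are", as already raised in the thread.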
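
The ACK sequence quoted from the commit message, fed through a small merge-on-insert SACK scoreboard to show how little new data each shifted block reports. This is an added example, not code from the FreeBSD commit or its sack filter; `sack_new_bytes`, `sample_tiny_blocks`, `SB_MAX` and the `min_new` threshold are hypothetical, and sequence-number wraparound is ignored.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SB_MAX 64                          /* constructed limit for this sketch */
struct range { uint32_t start, end; };     /* half-open [start, end) */
struct scoreboard { struct range r[SB_MAX]; size_t n; };

/* Merge [s, e) into sb; return bytes newly covered. Assumes no sequence wrap. */
static uint32_t sack_new_bytes(struct scoreboard *sb, uint32_t s, uint32_t e)
{
	struct range out[SB_MAX], m = { s, e };
	uint32_t covered = 0;
	size_t i = 0, n = 0;
	if (s >= e || sb->n >= SB_MAX) return (0);
	while (i < sb->n && sb->r[i].end < s)           /* entries left of the block */
		out[n++] = sb->r[i++];
	for (; i < sb->n && sb->r[i].start <= e; i++) { /* overlapping or adjacent */
		struct range c = sb->r[i];
		covered += c.end - c.start;             /* already-SACKed bytes absorbed */
		if (c.start < m.start) m.start = c.start;
		if (c.end > m.end) m.end = c.end;
	}
	out[n++] = m;
	while (i < sb->n)                               /* entries right of the block */
		out[n++] = sb->r[i++];
	memcpy(sb->r, out, n * sizeof(out[0]));
	sb->n = n;
	return ((m.end - m.start) - covered);           /* merged span minus old data */
}

/* Constructed sample: the three ACKs quoted in the commit message. */
static const struct range sample[] = {
	{1, 512}, {1024, 1536}, {2048, 2536}, {4096, 4608}, {8192, 8704},
	{1, 512}, {1025, 1537}, {2049, 2537}, {4097, 4609}, {8193, 8705},
	{1, 512}, {1027, 1539}, {2051, 2539}, {4099, 4611}, {8195, 8707},
};

/* Count blocks adding some, but fewer than min_new (hypothetical), new bytes. */
static unsigned sample_tiny_blocks(uint32_t min_new)
{
	struct scoreboard sb = { .n = 0 };
	unsigned tiny = 0;
	for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
		uint32_t add = sack_new_bytes(&sb, sample[i].start, sample[i].end);
		tiny += (add > 0 && add < min_new);
	}
	return (tiny);
}
int main(void) { printf("%u tiny blocks\n", sample_tiny_blocks(64)); return (0); }
```

With a 64-byte threshold, every block in the second and third ACK except the repeated SACK(1-512) counts as tiny: each adds only 1 or 2 new bytes while still forcing a walk of the list.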