From: Mark Johnston
Date: Thu, 9 Jul 2020 11:13:00 -0400
To: freebsd-net@freebsd.org
Cc: tuexen@freebsd.org
Subject: making SCTP loadable and removing it from GENERIC
Message-ID: <20200709151300.GC8947@raichu>
List-Id: Networking and TCP/IP with FreeBSD

Hi,

I spent some time working on making it possible to load the SCTP stack as a kernel module, the same as we do today with IPSec. There is one patch remaining to be committed before that can be done in head. One caveat is that the module can't be unloaded, as some work is needed to make this safe. However, this obviously isn't a regression.

The work is based on the observations that: 1) the in-kernel SCTP stack is not widely used (I know that the same code is used in some userland applications), and 2) the SCTP stack is quite large, most FreeBSD kernel developers are unfamiliar with it, and bugs in it can easily lead to security holes. Michael has done a lot of work to fix issues in the SCTP code, particularly those found by syzkaller, but given that in-kernel SCTP has few users (almost certainly fewer than IPSec), it seems reasonable to require users to opt in to having an SCTP stack with a simple "kldload sctp".

Thus, once the last patch is committed I would like to propose removing "options SCTP" from GENERIC kernel configs in head, replacing it with "options SCTP_SUPPORT" to enable sctp.ko to be loaded.

I am wondering if anyone has any objections to or concerns about this proposal. Any feedback is appreciated.