From owner-freebsd-net@freebsd.org Thu Jul 9 21:15:43 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4B584356730 for ; Thu, 9 Jul 2020 21:15:43 +0000 (UTC) (envelope-from SRS0=nAK9=AU=mail.sermon-archive.info=doug@sermon-archive.info) Received: from mail.sermon-archive.info (sermon-archive.info [71.177.216.148]) by mx1.freebsd.org (Postfix) with ESMTP id 4B2pqf4Cgdz4dcN; Thu, 9 Jul 2020 21:15:42 +0000 (UTC) (envelope-from SRS0=nAK9=AU=mail.sermon-archive.info=doug@sermon-archive.info) Received: from [10.0.1.251] (mini [10.0.1.251]) by mail.sermon-archive.info (Postfix) with ESMTPSA id 4B2pqd28whz2fv2N; Thu, 9 Jul 2020 14:15:41 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\)) Subject: Re: making SCTP loadable and removing it from GENERIC From: Doug Hardie In-Reply-To: <20200709201044.GG8947@raichu> Date: Thu, 9 Jul 2020 14:15:40 -0700 Cc: Doug Hardie , freebsd-net@freebsd.org, tuexen@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <3DC5AC46-604E-4CB4-93EC-6421ED575DBB@mail.sermon-archive.info> References: <20200709151300.GC8947@raichu> <63F4446F-DECF-4DE8-99CA-EC8755A5D4A1@mail.sermon-archive.info> <20200709201044.GG8947@raichu> To: Mark Johnston X-Mailer: Apple Mail (2.3445.104.14) X-Virus-Scanned: clamav-milter 0.101.4 at mail X-Virus-Status: Clean X-Rspamd-Queue-Id: 4B2pqf4Cgdz4dcN X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of SRS0=nAK9=AU=mail.sermon-archive.info=doug@sermon-archive.info designates 71.177.216.148 as permitted sender) smtp.mailfrom=SRS0=nAK9=AU=mail.sermon-archive.info=doug@sermon-archive.info X-Spamd-Result: default: False [-1.99 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.02)[-1.023]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:71.177.216.148]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[lafn.org: no valid DMARC record]; NEURAL_HAM_LONG(-1.02)[-1.025]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.54)[-0.537]; FORGED_SENDER(0.30)[bc979@lafn.org,SRS0=nAK9=AU=mail.sermon-archive.info=doug@sermon-archive.info]; RCVD_NO_TLS_LAST(0.10)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5650, ipnet:71.177.216.0/23, country:US]; FROM_NEQ_ENVFROM(0.00)[bc979@lafn.org,SRS0=nAK9=AU=mail.sermon-archive.info=doug@sermon-archive.info]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2020 21:15:43 -0000 > On 9 July 2020, at 13:10, Mark Johnston wrote: >=20 > On Thu, Jul 09, 2020 at 12:44:25PM -0700, Doug Hardie wrote: >>> On 9 July 2020, at 08:13, Mark Johnston wrote: >>>=20 >>> Hi, >>>=20 >>> I spent some time working on making it possible to load the SCTP = stack >>> as a kernel module, the same as we do today with IPSec. There is = one >>> patch remaining to be committed before that can be done in head. = One >>> caveat is that the module can't be unloaded, as some work is needed = to >>> make this safe. However, this obviously isn't a regression. >>>=20 >>> The work is based on the observations that: >>> 1) the in-kernel SCTP stack is not widely used (I know that the same >>> code is used in some userland applications), and >>> 2) the SCTP stack is quite large, most FreeBSD kernel developers are >>> unfamiliar with it, and bugs in it can easily lead to security = holes. >>>=20 >>> Michael has done a lot of work to fix issues in the SCTP code, >>> particularly those found by syzkaller, but given that in-kernel SCTP = has >>> few users (almost certainly fewer than IPSec), it seems reasonable = to >>> require users to opt in to having an SCTP stack with a simple = "kldload >>> sctp". Thus, once the last patch is committed I would like to = propose >>> removing "options SCTP" from GENERIC kernel configs in head, = replacing >>> it with "options SCTP_SUPPORT" to enable sctp.ko to be loaded. >>>=20 >>> I am wondering if anyone has any objections to or concerns about = this >>> proposal. Any feedback is appreciated. >>=20 >> I have a number of systems using SCTP. It is a key part of a = distributed application. As a user of SCTP, I have a slight objection = to removing it from the kernel. It would require me to remember when = setting up a new system to enable that. I am not likely to remember. >=20 > To be clear, with the proposed change SCTP can be loaded at boot by > adding a single line: sctp_load=3D"YES" to /boot/loader.conf, or > kld_list=3D"sctp" to /etc/rc.conf. Also, the change will not be = present > in a release until 13.0 or possibly 12.2, which provides plenty of = time, > and the release notes will reflect the change. >=20 > I was really looking for objections pointing out that a dynamically > loaded SCTP stack would prevent or inhibit some workflow. Relying on > being able to configure systems from memory rather than using a > checklist or some automated configuration management does not seem to = be > a good reason for keeping SCTP in the kernel. >=20 >> What is going to happen if you run an application that uses SCTP and = the module is not loaded? >=20 > An attempt to create an SCTP socket will fail with EPROTONOSUPPORT, > "Protocol not supported". >=20 >> What will remind me how to fix the issue? I am not likely to = remember about this 6 months from now. >=20 > Hopefully "protocol not supported" is a sufficiently descriptive error > message.=20 Actually, the users of these systems would have no clue about that = message. All they would figure out is that the system is down and they = can't do their job and bitch to the CEO. I am going to assume that that = error will be produced by the socket call and I have added code to check = for it and email me if it occurs. I believe that the only viable = approach for us is the rc.conf solution as some of these systems are = rhapsberry pi 3s which I understand don't use the loader.conf file. One of the configurations we are considering is for each user to have = their own Rhapsberry Pi and eliminate the central server. All data is = replicated between all the machines so there is no need for a central = server anymore. If I can make that work, it would be a large cost = savings for my client. -- Doug