From owner-freebsd-stable  Tue Apr 24 11:29:14 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mail.newst.irs.ru (newst.irs.ru [212.164.94.1])
	by hub.freebsd.org (Postfix) with ESMTP id 158E237B42C
	for <freebsd-stable@freebsd.org>; Tue, 24 Apr 2001 11:29:05 -0700 (PDT)
	(envelope-from fjoe@newst.net)
Received: from lark.nsk.bsgdesign.com (lark.nsk.bsgdesign.com [192.168.3.21])
	by mail.newst.irs.ru (8.11.1/8.11.0) with ESMTP id f3OIT2K07373
	for <freebsd-stable@freebsd.org>; Wed, 25 Apr 2001 01:29:03 +0700 (NOVST)
	(envelope-from fjoe@newst.net)
Date: Wed, 25 Apr 2001 01:29:02 +0700 (NOVST)
From: Max Khon <fjoe@newst.net>
X-Sender: fjoe@localhost
To: freebsd-stable@freebsd.org
Subject: if_tap + nis
Message-ID: <Pine.BSF.4.21.0104250116330.37191-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

hi, there!

We are experiencing the following problem:
If NIS server is going down NIS client with if_tap.ko loaded 
causes ICMP and UDP flood (RPC requests) on NIS server when NIS server
comes up. This leads to denial of service (portmap turns into fork bomb).

Is there anyone experiencing the same problem?
Is is possible to rate-limit RPC requests processing by portmap?

NIS configuration is pretty simple:

nis_server_enable="YES"
nis_client_enable="YES"
nis_client_flags="-ypsetme -s"

in /etc/rc.conf on server side and

nis_client_enable="YES"

on client side. Client also has if_tap.ko loaded (vmware2 port installed
with networking turned on, no bridging).

client is running 4.2-STABLE (around January)
server is running 4.3-RELEASE

/fjoe


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message