Message-Id: <200208111733.g7BHXCRb061465@www.freebsd.org>
Date: Sun, 11 Aug 2002 10:33:12 -0700 (PDT)
From: "G.P. de Boer"
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/41552: TCP timers' sysctl's overflow

>Number:         41552
>Category:       kern
>Synopsis:       TCP timers' sysctl's overflow
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 11 10:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     G.P. de Boer
>Release:        4.6.1-RELEASE-p10
>Organization:
none
>Environment:
FreeBSD stranraer 4.6.1-RELEASE-p10 FreeBSD 4.6.1-RELEASE-p10 #4: Sun Aug 11 16:06:11 CEST 2002 root@stranraer:/usr/obj/usr/src/sys/KERNEL-12-06-2002 i386
>Description:
When setting syscontrols like net.inet.tcp.keepidle on a system with
clocktick-granularity above 1000 Hz, there's an overflow triggered,
resulting in at least inaccurate, but sometimes negative TCP timeouts.
This could result in a situation where keep-alive isn't working as
expected or at all, which could then be exploited to DoS a host.
>How-To-Repeat:
root@stranraer:~$ sysctl -w net.inet.tcp.keepidle=7200000
net.inet.tcp.keepidle: 720000 -> 757549

On systems with clocktick-granularity >1000.
>Fix:
As already merged into RELENG_4:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_timer.c?r1=1.34.2.12
>Release-Note:
>Audit-Trail:
>Unformatted:
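
The arithmetic behind the report, as an added example that is not part of the original message and is not the FreeBSD source: a millisecond-to-tick conversion with a 32-bit intermediate, next to the same conversion widened to 64 bits. The function names are hypothetical, and hz = 2000 is an assumption chosen because it reproduces the 757549 read back above; the report itself only says the tick rate is above 1000. Widening is shown as one way to avoid the wrap, without any claim about what the linked revision does.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit signed multiply that wraps modulo 2^32. Signed overflow
 * is undefined in C, so wrap in unsigned and convert back (two's complement
 * result on gcc/clang). */
static int32_t mul32_wrap(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a * (uint32_t)b);
}

/* Conversions with a 32-bit intermediate: the product can wrap. */
static int32_t msec_to_ticks_32(int32_t msec, int32_t hz)
{
    return mul32_wrap(msec, hz) / 1000;
}

static int32_t ticks_to_msec_32(int32_t ticks, int32_t hz)
{
    return mul32_wrap(ticks, 1000) / hz;
}

/* Same conversions with the product widened to 64 bits before dividing. */
static int32_t msec_to_ticks_64(int32_t msec, int32_t hz)
{
    return (int32_t)((int64_t)msec * hz / 1000);
}

static int32_t ticks_to_msec_64(int32_t ticks, int32_t hz)
{
    return (int32_t)((int64_t)ticks * 1000 / hz);
}

int main(void)
{
    const int32_t hz = 2000;        /* assumed tick rate, see lead-in */
    const int32_t want = 7200000;   /* value written in the report (ms) */
    int32_t t32 = msec_to_ticks_32(want, hz);
    int32_t t64 = msec_to_ticks_64(want, hz);

    printf("32-bit: stored %d ticks, reads back %d ms\n",
           t32, ticks_to_msec_32(t32, hz));
    printf("64-bit: stored %d ticks, reads back %d ms\n",
           t64, ticks_to_msec_64(t64, hz));
    /* Constructed input that wraps past INT32_MAX and goes negative. */
    printf("32-bit: 1500000 ms -> %d ticks\n", msec_to_ticks_32(1500000, hz));
    return 0;
}
```

Note that the read-back direction needs the wider intermediate as well: 14400000 ticks times 1000 also exceeds 32 bits, so a correctly stored value would still be displayed as 757549 ms.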