Date: Fri, 10 Jul 2020 14:21:03 -0400 From: Mark Johnston <markj@freebsd.org> To: freebsd-net@freebsd.org Subject: Re: making SCTP loadable and removing it from GENERIC Message-ID: <20200710182103.GB9380@raichu> In-Reply-To: <20200709151300.GC8947@raichu> References: <20200709151300.GC8947@raichu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 09, 2020 at 11:13:00AM -0400, Mark Johnston wrote: > Hi, > > I spent some time working on making it possible to load the SCTP stack > as a kernel module, the same as we do today with IPSec. There is one > patch remaining to be committed before that can be done in head. One > caveat is that the module can't be unloaded, as some work is needed to > make this safe. However, this obviously isn't a regression. > > The work is based on the observations that: > 1) the in-kernel SCTP stack is not widely used (I know that the same > code is used in some userland applications), and > 2) the SCTP stack is quite large, most FreeBSD kernel developers are > unfamiliar with it, and bugs in it can easily lead to security holes. > > Michael has done a lot of work to fix issues in the SCTP code, > particularly those found by syzkaller, but given that in-kernel SCTP has > few users (almost certainly fewer than IPSec), it seems reasonable to > require users to opt in to having an SCTP stack with a simple "kldload > sctp". Thus, once the last patch is committed I would like to propose > removing "options SCTP" from GENERIC kernel configs in head, replacing > it with "options SCTP_SUPPORT" to enable sctp.ko to be loaded. > > I am wondering if anyone has any objections to or concerns about this > proposal. Any feedback is appreciated. As a follow-up, here is the proposed change now that requisite code has been committed to head: https://reviews.freebsd.org/D25611 I will wait for a week or so for feedback.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200710182103.GB9380>