Date: Tue, 24 Jun 2025 09:29:54 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 287229] IP reassembly issue in FreeBSD 14.1 Message-ID: <bug-287229-7501-IkwQ1DH4lD@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-287229-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-287229-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D287229 --- Comment #37 from Lucas Aubard <lucas.aubard@irisa.fr> --- (In reply to Michael Tuexen from comment #33) In the attacks we consider, the attacker does not try to reach FreeBSD limi= ts to force it to drop some fragments. Instead, the attacker sends a sequence = of overlapping packets that the NIDS and the supervised host reassemble differently (e.g., the NIDS favors the oldest data in the overlapping porti= on while the supervised host prefers the newest). Thus, the attacker does not = try to reproduce our entire set of test cases; they only need one of the test c= ases to perform the attack. In our testing, we are trying to obtain the FreeBSD reassembly policy, and = the limits are reached because of the VM setting and the testing parallelizatio= n.=20 For your information, here are the results of some experiments I ran with 4= 0 or 60 processes: - (1) vm.kmem_size=3D"200M", vm.kmem_size_max=3D"200M", maxfragbucketsize= =3D100, maxfrags=3D400 (default), 40 processes =3D> inconsistencies. - (2) vm.kmem_size=3D"200M", vm.kmem_size_max=3D"200M", maxfragbucketsize= =3D100, maxfrags=3D4000, 40 processes =3D> no inconsistency. - (3) vm.kmem_size=3D"200M", vm.kmem_size_max=3D"200M", maxfragbucketsize= =3D100, maxfrags=3D4000, 60 processes =3D> inconsistencies. - (4) vm.kmem_size=3D"1000M", vm.kmem_size_max=3D"1000M", maxfragbucketsize= =3D3 (default), maxfrags=3D1983 (default), 60 processes =3D> inconsistencies. - (5) vm.kmem_size=3D"1000M", vm.kmem_size_max=3D"1000M", maxfragbucketsize= =3D3 (default), maxfrags=3D4000, 60 processes =3D> no inconsistency. - (6) vm.kmem_size=3D"1000M", vm.kmem_size_max=3D"1000M", maxfragbucketsize= =3D100, maxfrags=3D4000, 60 processes =3D> inconsistencies. Let me know if you want that I test other parameter values. For my specific case, I should increase kmem_size to 2000M so as not to experience reassembly inconsistency. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-287229-7501-IkwQ1DH4lD>