Date: Mon, 11 Nov 2002 15:20:47 -0500
From: David Gilbert <dgilbert@velocet.ca>
To: freebsd-hackers@freebsd.org
Subject: forwarded message on Source Quench Packets.
Message-ID: <15824.4383.916763.477130@canoe.velocet.net>
[-- Attachment #1 --]
I normally wouldn't forward something to such a big list, but this has
real implications (and was part of a nasty DOS against dsl.ca last
week). The patch for FreeBSD (NetBSD code is quoted) is trivial:
--- /sys/netinet/ip_input.c Thu Oct 17 08:29:53 2002
+++ ip_input.c Mon Nov 11 15:15:31 2002
@@ -1822,9 +1822,7 @@
break;
case ENOBUFS:
- type = ICMP_SOURCEQUENCH;
- code = 0;
- break;
+ return;
case EACCES: /* ipfw denied packet */
m_freem(mcopy);
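Review bot: The new bare `return;` in the ENOBUFS case leaves without releasing `mcopy`. The EACCES case directly below calls `m_freem(mcopy);` before it exits, and the NetBSD version quoted in the forwarded message does `if (mcopy) m_freem(mcopy);` ahead of its own `return;`. Unless `mcopy` is already freed elsewhere on this path, each forwarded packet that fails with ENOBUFS would leak its copy, which matters most under the flood conditions this change is meant for. Suggest freeing it here as well before returning, with a NULL check if `mcopy` can be unset at this point.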
I'm submitting a PR now.
For discussion: source quenches probably shouldn't be generated
anyways, but this patch also doesn't generate the source quench if
we're the target machine. It's probably good to go straight ahead
with this. IIRC, tcp_input.c also can generate a source quench
...
[-- Attachment #2 --]
From: Ken Chase <math@velocet.ca>
To: jrichard@wiznet.ca
Cc: scopplestone@wiznet.ca, jmason@wiznet.ca, admin@velocet.ca
Subject: Re: From th Netbsd source...
Date: Mon, 11 Nov 2002 13:42:49 -0500
On Mon, Nov 11, 2002 at 02:11:42PM -0400, richard's all...
> Maybe a bit late...
> But.....
> ------snip-----
> #if 1
> /*
> * a router should not generate ICMP_SOURCEQUENCH as
> * required in RFC1812 Requirements for IP Version 4 Routers.
> * source quench could be a big problem under DoS attacks,
> * or if the underlying interface is rate-limited.
> */

4.3.3.3 Source Quench

A router SHOULD NOT originate ICMP Source Quench messages. As
specified in Section [4.3.2], a router that does originate Source
Quench messages MUST be able to limit the rate at which they are
generated.

DISCUSSION
Research seems to suggest that Source Quench consumes network
bandwidth but is an ineffective (and unfair) antidote to
congestion. See, for example, [INTERNET:9] and [INTERNET:10].
Section [5.3.6] discusses the current thinking on how routers
ought to deal with overload and network congestion.

A router MAY ignore any ICMP Source Quench messages it receives.

DISCUSSION
A router itself may receive a Source Quench as the result of
originating a packet sent to another router or host. Such
datagrams might be, e.g., an EGP update sent to another router, or
a telnet stream sent to a host. A mechanism has been proposed
([INTERNET:11], [INTERNET:12]) to make the IP layer respond
directly to Source Quench by controlling the rate at which packets
are sent, however, this proposal is currently experimental and not
currently recommended.

INTERNET:9.
A. Mankin, G. Hollingsworth, G. Reichlen, K. Thompson, R.
Wilder, and R. Zahavi, "Evaluation of Internet Performance -
FY89", Technical Report MTR-89W00216, MITRE Corporation,
February, 1990.

INTERNET:10.
G. Finn, A "Connectionless Congestion Control Algorithm",
Computer Communications Review, volume 19, number 5, Association
for Computing Machinery, October 1989.

/kc
> if (mcopy)
> m_freem(mcopy);
> return;
> #else
> type = ICMP_SOURCEQUENCH;
> code = 0;
> break;
> #endif
>
>
> - - - - - - - - - - - - -
> Jonathan Richards
> Tel:+1-416-876-5219
> Fax:+1-708-575-1680
> Email:jrichards@wiznet.ca
--
Ken Chase, math@velocet.ca * Velocet Communications Inc. * Toronto, CANADA
[-- Attachment #3 --]
Dave.
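
The RFC 1812 text quoted in the forwarded message says a router that does originate Source Quench must be able to limit the rate. The following is an added example, not code from this thread or from FreeBSD or NetBSD: it counts how many ICMP messages a forwarder would emit under a constructed ENOBUFS load with no limit, with a token-bucket limit, and with origination disabled. The `icmp_limiter` struct, the function names, and the rate, burst and load figures are all assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limiter for locally originated ICMP errors (not FreeBSD code).
 * Credit is kept in 1/1000-token units so refill needs no floating point. */
struct icmp_limiter {
    uint32_t rate_pps;  /* messages allowed per second; 0 = never refill */
    uint64_t cap;       /* burst size * 1000 */
    uint64_t credit;    /* current credit in milli-tokens */
    uint64_t last_ms;   /* time of the previous call */
};

/* Returns 1 if an ICMP error may be sent at now_ms, 0 if it is suppressed. */
int limiter_allow(struct icmp_limiter *l, uint64_t now_ms)
{
    l->credit += (now_ms - l->last_ms) * l->rate_pps;
    l->last_ms = now_ms;
    if (l->credit > l->cap)
        l->credit = l->cap;
    if (l->credit < 1000)
        return 0;
    l->credit -= 1000;
    return 1;
}

/* Constructed load: drops_per_ms forwarded packets fail with ENOBUFS every
 * millisecond. limited == 0 models one Source Quench per failed packet. */
unsigned simulate_flood(int limited, uint32_t rate_pps, uint32_t burst,
                        uint32_t drops_per_ms, uint32_t duration_ms)
{
    uint64_t cap = (uint64_t)burst * 1000;
    struct icmp_limiter l = { rate_pps, cap, cap, 0 };  /* bucket starts full */
    unsigned sent = 0;

    for (uint64_t ms = 0; ms < duration_ms; ms++)
        for (uint32_t i = 0; i < drops_per_ms; i++)
            if (!limited || limiter_allow(&l, ms))
                sent++;
    return sent;
}

int main(void)
{
    /* 10 drops/ms for 1 s: unlimited, 200 pps with burst 200, disabled */
    printf("%u %u %u\n", simulate_flood(0, 0, 0, 10, 1000),
           simulate_flood(1, 200, 200, 10, 1000),
           simulate_flood(1, 0, 0, 10, 1000));
    return 0;
}
```

With no limit the reply volume tracks the drop rate one for one, which is the extra load on an already congested path that the RFC discussion and the patch are concerned with.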
