Date: Mon, 12 Aug 2002 15:10:03 -0700 (PDT) From: "G.P. de Boer" <g.p.de.boer@st.hanze.nl> To: freebsd-bugs@FreeBSD.org Subject: kern/41552: TCP timers' sysctl's overflow Message-ID: <200208122210.g7CMA3MM028678@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/41552; it has been noted by GNATS. From: "G.P. de Boer" <g.p.de.boer@st.hanze.nl> To: Bruce Evans <bde@zeta.org.au> Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: kern/41552: TCP timers' sysctl's overflow Date: Tue, 13 Aug 2002 00:05:12 +0200 At 23:43 12-8-2002, Bruce Evans wrote: > > Anyway.. it's a integer overflow and it breaks stuff in nasty ways. It's > > possible to DoS a host with malfunctioning keep-alives: I already had > > more than 400 hanging connections (in LAST_ACK state) in a few days > > on a moderately loaded server. The fix is there already, I just think it > > should be in -RELEASE too. > >The overflow was fixed by jdp a couple of weeks ago in -current and >RELENG_4. It is not fixed in any of the security branches. Do you >want it there? I think the "fix" for most security bugs caused by >unusual options is to not use unusual options. Ofcourse, unless you haven't got better things to do, which is not ever the case. Now the question pops up if setting HZ -is- unusual. I can imagine that there are many admins around who turned on polling for extra performance/robustness and tuned option HZ because LINT says so. As a non-corporate user I can't tell how much people actually did that, but to me it sounds logical to use polling on heavily loaded networking servers, which comes with increasing the number of clock-interrupts per second. On such servers a bug like this is even more dangerous than on my simple cable-modeming gateway, granted that these systems handle many connections. In conclusion: In my opinion this should be fixed soon, in the security- branches. But if you think/know there aren't many people having trouble with this, because setting HZ isn't very usual, we'll just have to patch it ourselves if need be, or wait for 4.7 :) -- Pieter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208122210.g7CMA3MM028678>