From owner-freebsd-bugs Mon Aug 12 15:10:10 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C105637B400 for ; Mon, 12 Aug 2002 15:10:03 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79A5043E72 for ; Mon, 12 Aug 2002 15:10:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7CMA3JU028679 for ; Mon, 12 Aug 2002 15:10:03 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7CMA3MM028678; Mon, 12 Aug 2002 15:10:03 -0700 (PDT) Date: Mon, 12 Aug 2002 15:10:03 -0700 (PDT) Message-Id: <200208122210.g7CMA3MM028678@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: "G.P. de Boer" Subject: kern/41552: TCP timers' sysctl's overflow Reply-To: "G.P. de Boer" Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR kern/41552; it has been noted by GNATS. From: "G.P. de Boer" To: Bruce Evans Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: kern/41552: TCP timers' sysctl's overflow Date: Tue, 13 Aug 2002 00:05:12 +0200 At 23:43 12-8-2002, Bruce Evans wrote: > > Anyway.. it's a integer overflow and it breaks stuff in nasty ways. It's > > possible to DoS a host with malfunctioning keep-alives: I already had > > more than 400 hanging connections (in LAST_ACK state) in a few days > > on a moderately loaded server. The fix is there already, I just think it > > should be in -RELEASE too. > >The overflow was fixed by jdp a couple of weeks ago in -current and >RELENG_4. It is not fixed in any of the security branches. Do you >want it there? I think the "fix" for most security bugs caused by >unusual options is to not use unusual options. Ofcourse, unless you haven't got better things to do, which is not ever the case. Now the question pops up if setting HZ -is- unusual. I can imagine that there are many admins around who turned on polling for extra performance/robustness and tuned option HZ because LINT says so. As a non-corporate user I can't tell how much people actually did that, but to me it sounds logical to use polling on heavily loaded networking servers, which comes with increasing the number of clock-interrupts per second. On such servers a bug like this is even more dangerous than on my simple cable-modeming gateway, granted that these systems handle many connections. In conclusion: In my opinion this should be fixed soon, in the security- branches. But if you think/know there aren't many people having trouble with this, because setting HZ isn't very usual, we'll just have to patch it ourselves if need be, or wait for 4.7 :) -- Pieter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message