Date: Mon, 12 Aug 2002 15:10:04 -0700 (PDT)
From: Bruce Evans <bde@zeta.org.au>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/41552: TCP timers' sysctl's overflow
Message-ID: <200208122210.g7CMA4RG028686@freefall.freebsd.org>
The following reply was made to PR kern/41552; it has been noted by GNATS.

From: Bruce Evans <bde@zeta.org.au>
To: "G.P. de Boer" <g.p.de.boer@st.hanze.nl>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/41552: TCP timers' sysctl's overflow
Date: Tue, 13 Aug 2002 07:43:26 +1000 (EST)

On Mon, 12 Aug 2002, G.P. de Boer wrote:

[Garrett Wollman wrote]
> > > When setting syscontrols like net.inet.tcp.keepidle on a system with
> > > clocktick-granularity above 1000 Hz, there's an overflow triggered,
> > > resulting in at least inaccurate, but sometimes negative TCP
> > > timeouts.
> >
> >1 kHz timers are just barely within spec for TCP (using the 32-bit
> >fields in RFC 1323).

Um, that is for the TCP timers. I think these have nothing to do with HZ
except that setting HZ to a large value breaks the scaling for them.

> Anyway.. it's an integer overflow and it breaks stuff in nasty ways. It's
> possible to DoS a host with malfunctioning keep-alives: I already had
> more than 400 hanging connections (in LAST_ACK state) in a few days
> on a moderately loaded server. The fix is there already, I just think it
> should be in -RELEASE too.

The overflow was fixed by jdp a couple of weeks ago in -current and
RELENG_4. It is not fixed in any of the security branches. Do you
want it there? I think the "fix" for most security bugs caused by
unusual options is to not use unusual options.

Bruce
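The scaling overflow discussed in this thread, as an added example that is not code from the thread or from the FreeBSD source. It assumes the sysctl value is given in milliseconds and converted to ticks by multiplying by HZ before dividing by 1000; the function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the narrow conversion: the product msec * hz is kept in 32 bits.
 * Unsigned arithmetic reproduces the wraparound without relying on
 * undefined signed overflow. */
static int32_t msec_to_ticks_narrow(int32_t msec, int32_t hz)
{
    uint32_t product = (uint32_t)msec * (uint32_t)hz;
    return (int32_t)product / 1000;
}

/* Hardened form: 64-bit intermediate plus a range check on the result.
 * Returns 0 and stores the tick count, or -1 if the value is unusable. */
static int msec_to_ticks_checked(int32_t msec, int32_t hz, int32_t *ticks)
{
    if (msec < 0 || hz <= 0)
        return -1;
    int64_t wide = (int64_t)msec * hz / 1000;
    if (wide < 1 || wide > INT32_MAX)
        return -1;              /* would be zero or not fit in an int */
    *ticks = (int32_t)wide;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: {timeout in ms, HZ}. */
    const int32_t cases[][2] = {
        {7200000, 100},     /* 2 h at 100 Hz: product fits in 32 bits */
        {7200000, 2000},    /* 2 h at 2 kHz: wraps to a too-short timeout */
        {1500000, 2000},    /* 25 min at 2 kHz: wraps to a negative timeout */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int32_t good = 0;
        int rc = msec_to_ticks_checked(cases[i][0], cases[i][1], &good);
        printf("%d ms @ %d Hz: narrow=%d ticks, checked=%d ticks (rc=%d)\n",
               (int)cases[i][0], (int)cases[i][1],
               (int)msec_to_ticks_narrow(cases[i][0], cases[i][1]),
               (int)good, rc);
    }
    return 0;
}
```
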