From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Vlad Yasevich <vyasevich@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
David Miller <davem@davemloft.net>,
eric.dumazet@gmail.com, lucien.xin@gmail.com,
netdev@vger.kernel.org, linux-sctp@vger.kernel.org,
mleitner@redhat.com, vyasevic@redhat.com, daniel@iogearbox.net
Subject: Re: [PATCH net-next 1/5] sctp: add the rhashtable apis for sctp global transport hashtable
Date: Mon, 11 Jan 2016 18:19:57 +0000
Message-ID: <20160111181957.GD6074@mrl.redhat.com>
In-Reply-To: <5693EFB8.4090604@gmail.com>

On Mon, Jan 11, 2016 at 01:08:56PM -0500, Vlad Yasevich wrote:
> On 01/11/2016 11:33 AM, Marcelo Ricardo Leitner wrote:
> > On Mon, Jan 11, 2016 at 05:32:10PM +0800, Herbert Xu wrote:
> >> David Miller <davem@davemloft.net> wrote:
> >>> From: Eric Dumazet <eric.dumazet@gmail.com>
> >>> Date: Wed, 30 Dec 2015 11:57:31 -0500
> >>>
> >>>> I am against using rhashtable in SCTP (or TCP) at this stage, given the
> >>>> number of bugs we have with it.
> >>>
> >>> Come on Eric, we've largely dealt with all of these problems. I haven't
> >>> seen a serious report in a while.
> >>
> >> Well there is still the outstanding issue with softirq insertion
> >> potentially failing with ENOMEM if we fail to expand the hash
> >> table using just kmalloc.
> >>
> >> So if the target user does softirq insertions, I would wait until
> >> the fix for that is ready.
> >
> > It does some, yes. If listening socket is not backlogged, there will be
> > N inserts at each new association, where N is the number of IP addresses
> > that the client is advertising.
> >
> > This is done on the second stage of the SCTP handshake. Not easily
> > DoS-able as it requires receiving a packet from server and replying
> > based on it, plus N is limited by MTU.
>
> How is N limited by MTU? INIT and COOKIE chunks are allowed to exceed
> mtu and will be IP fragmented. So it seems that N is limited by 65535-overhead,
> where overhead is all the headers plus the sctp cookie info. That can
> be quite a lot of addresses.

Oops, you're right. One then can trigger quite some inserts with a
single new assoc attempt, yes.

Marcelo
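
The bound discussed in this exchange, worked through as an added example (not code from the thread or from the kernel): a TLV walk that counts the address parameters in an INIT chunk, and the resulting upper bound on N for a given IP datagram size. The function names, the constructed sample chunk and the `cookie_info` parameter are assumptions; the layout follows RFC 4960, with an IPv4 header without options.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define INIT_FIXED 20u /* chunk header (4) + fixed INIT fields (16), RFC 4960 3.3.2 */
#define P_IPV4 5u      /* IPv4 Address parameter, total length 8 */
#define P_IPV6 6u      /* IPv6 Address parameter, total length 20 */

/* Constructed sample: INIT chunk advertising two IPv4 addresses. */
static const uint8_t sample_init[36] = {
    1, 0, 0, 36,  0, 0, 0, 1,   /* type=INIT, flags, length; initiate tag */
    0, 0, 16, 0,  0, 1, 0, 1,   /* a_rwnd; outbound/inbound streams */
    0, 0, 0, 1,                 /* initial TSN */
    0, 5, 0, 8,  192, 0, 2, 1,  0, 5, 0, 8,  192, 0, 2, 2, /* two IPv4 params */
};

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Count well-formed address parameters in an INIT chunk; -1 if malformed. */
int count_init_addrs(const uint8_t *c, size_t len)
{
    size_t off = INIT_FIXED;
    int n = 0;
    if (len < INIT_FIXED || c[0] != 1 || rd16(c + 2) != len)
        return -1;
    while (off + 4 <= len) {
        unsigned type = rd16(c + off), plen = rd16(c + off + 2);
        if (plen < 4 || plen > len - off)
            return -1;              /* parameter runs past the chunk */
        if ((type == P_IPV4 && plen == 8) || (type == P_IPV6 && plen == 20))
            n++;
        off += (plen + 3u) & ~3u;   /* parameters are padded to 4 bytes */
    }
    return n;
}

/* Upper bound on N: bytes left after the headers, divided by parameter size.
 * cookie_info is an assumed figure; the thread gives no number for it. */
unsigned max_addrs(unsigned ip_total, unsigned cookie_info, unsigned param_len)
{
    unsigned overhead = 20u /* IPv4 */ + 12u /* SCTP common */ + INIT_FIXED + cookie_info;
    return ip_total > overhead ? (ip_total - overhead) / param_len : 0;
}

int main(void)
{
    printf("sample N=%d, 1500-byte bound=%u, 65535-byte bound=%u\n",
           count_init_addrs(sample_init, sizeof sample_init),
           max_addrs(1500, 0, 8), max_addrs(65535, 0, 8));
    return 0;
}
```

With no cookie overhead, a single 1500-byte datagram holds at most 181 IPv4 address parameters, while a fragmented 65535-byte datagram holds up to 8185.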