* Re: [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid DOS [not found] <61eb00$5diu20@dgate20u.abg.fsc.net> @ 2014-11-05 22:35 ` NeilBrown 2014-11-06 19:54 ` Strösser, Bodo 0 siblings, 1 reply; 3+ messages in thread From: NeilBrown @ 2014-11-05 22:35 UTC (permalink / raw) To: bstroesser; +Cc: linux-nfs, bfields [-- Attachment #1: Type: text/plain, Size: 3113 bytes --] On 05 Nov 2014 21:24:29 +0100 bstroesser@ts.fujitsu.com wrote: > From: Bodo Stroesser <bstroesser@ts.fujitsu.com> > Date: Thu, 09 Oct 2014 13:06:19 +0200 > Subject: [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid DOS > > This patch is experimental. In works fine in that it removes the vulnerability > against a DOS attack. rpc.mountd can be blocked by a bad client, that sends > many RPC requests but never reads the responses. This might happen intentionally > or caused by a wrong network config (MTU). > The patch switches on the nonblocking mode of libtirpc. In that mode writes can > block for a max. of 2 seconds. Attackers are forced to send requests slower, as > libtirpc will close a connection if it finds two requests to read at the same > time. > I do not know, whether setting MAXREC could cause trouble e.g. with big replies. > > > Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com> > --- > > --- nfs-utils-1.3.1/support/nfs/svc_create.c 2014-10-09 12:09:15.000000000 +0200 > +++ nfs-utils-1.3.1/support/nfs/svc_create.c 2014-10-09 12:13:32.000000000 +0200 > @@ -49,6 +49,8 @@ > > #ifdef HAVE_LIBTIRPC > > +#include <rpc/rpc_com.h> > + > #define SVC_CREATE_XPRT_CACHE_SIZE (8) > static SVCXPRT *svc_create_xprt_cache[SVC_CREATE_XPRT_CACHE_SIZE] = { NULL, }; > > @@ -401,6 +403,7 @@ > const struct sigaction create_sigaction = { > .sa_handler = SIG_IGN, > }; > + int maxrec = RPC_MAXDATASIZE; > unsigned int visible, up, servport; > struct netconfig *nconf; > void *handlep; > @@ -412,6 +415,20 @@ > */ > (void)sigaction(SIGPIPE, &create_sigaction, NULL); > > + /* > + * Setting MAXREC also enables non-blocking mode for tcp connections. > + * This avoids DOS attacks by a client sending many requests but never > + * reading the reply: > + * - if a second request already is present for reading in the socket, > + * after the first request just was read, libtirpc will break the > + * connection. Thus an attacker can't simply send requests as fast as > + * he can without waiting for the response. > + * - if the write buffer of the socket is full, the next write() will > + * fail with EAGAIN. libtirpc will retry the write in a loop for max. > + * 2 seconds. If write still fails, the connection will be closed. > + */ > + rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrec); > + > handlep = setnetconfig(); > if (handlep == NULL) { > xlog(L_ERROR, "Failed to access local netconfig database: %s", RPC_MAXDATASIZE is 9000. This number is only relevant on the receive size. When sending, the "sendsz" passed to svc_tli_create (which default to 64K for TCP) is used for the 'record size'. When receiving, any 'record' in a tcp connection which is larger than 9000 bytes will be rejected. No message to mountd or statd could ever be that large, so this number does not impose a problematic limit. As far as I can tell, this patch is safe and is a clear improvement. Reviewed-by: NeilBrown <neilb@suse.de> Thanks, NeilBrown [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 811 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid DOS 2014-11-05 22:35 ` [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid DOS NeilBrown @ 2014-11-06 19:54 ` Strösser, Bodo 0 siblings, 0 replies; 3+ messages in thread From: Strösser, Bodo @ 2014-11-06 19:54 UTC (permalink / raw) To: NeilBrown; +Cc: linux-nfs@vger.kernel.org, bfields@fieldses.org > -----Original Message----- > From: NeilBrown [mailto:neilb@suse.de] > Sent: Wednesday, November 05, 2014 11:35 PM > To: Strösser, Bodo > Cc: linux-nfs@vger.kernel.org; bfields@fieldses.org > Subject: Re: [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid > DOS ... > RPC_MAXDATASIZE is 9000. > This number is only relevant on the receive size. > When sending, the "sendsz" passed to svc_tli_create (which default to 64K for > TCP) is used for the 'record size'. > When receiving, any 'record' in a tcp connection which is larger than 9000 > bytes will be rejected. > No message to mountd or statd could ever be that large, so this number > does not impose a problematic limit. Thank you for this explanation. That's what I wanted to but didn't know. Bodo > > As far as I can tell, this patch is safe and is a clear improvement. > > Reviewed-by: NeilBrown <neilb@suse.de> > > Thanks, > NeilBrown ^ permalink raw reply [flat|nested] 3+ messages in thread
* [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid DOS @ 2014-11-05 20:24 bstroesser 0 siblings, 0 replies; 3+ messages in thread From: bstroesser @ 2014-11-05 20:24 UTC (permalink / raw) To: neilb, linux-nfs; +Cc: bfields, bstroesser RnJvbTogQm9kbyBTdHJvZXNzZXIgPGJzdHJvZXNzZXJAdHMuZnVqaXRzdS5jb20+CkRhdGU6 IFRodSwgMDkgT2N0IDIwMTQgMTM6MDY6MTkgKzAyMDAKU3ViamVjdDogW25mcy11dGlsc10g W1BBVENIIDMvM10gcnBjLm1vdW50ZDogc2V0IGxpYnRpcnBjIG5vbmJsb2NraW5nIG1vZGUg dG8gYXZvaWQgRE9TCgpUaGlzIHBhdGNoIGlzIGV4cGVyaW1lbnRhbC4gSW4gd29ya3MgZmlu ZSBpbiB0aGF0IGl0IHJlbW92ZXMgdGhlIHZ1bG5lcmFiaWxpdHkKYWdhaW5zdCBhIERPUyBh dHRhY2suIHJwYy5tb3VudGQgY2FuIGJlIGJsb2NrZWQgYnkgYSBiYWQgY2xpZW50LCB0aGF0 IHNlbmRzCm1hbnkgUlBDIHJlcXVlc3RzIGJ1dCBuZXZlciByZWFkcyB0aGUgcmVzcG9uc2Vz LiBUaGlzIG1pZ2h0IGhhcHBlbiBpbnRlbnRpb25hbGx5Cm9yIGNhdXNlZCBieSBhIHdyb25n IG5ldHdvcmsgY29uZmlnIChNVFUpLgpUaGUgcGF0Y2ggc3dpdGNoZXMgb24gdGhlIG5vbmJs b2NraW5nIG1vZGUgb2YgbGlidGlycGMuIEluIHRoYXQgbW9kZSB3cml0ZXMgY2FuCmJsb2Nr IGZvciBhIG1heC4gb2YgMiBzZWNvbmRzLiBBdHRhY2tlcnMgYXJlIGZvcmNlZCB0byBzZW5k IHJlcXVlc3RzIHNsb3dlciwgYXMKbGlidGlycGMgd2lsbCBjbG9zZSBhIGNvbm5lY3Rpb24g aWYgaXQgZmluZHMgdHdvIHJlcXVlc3RzIHRvIHJlYWQgYXQgdGhlIHNhbWUKdGltZS4KSSBk byBub3Qga25vdywgd2hldGhlciBzZXR0aW5nIE1BWFJFQyBjb3VsZCBjYXVzZSB0cm91Ymxl IGUuZy4gd2l0aCBiaWcgcmVwbGllcy4KIAoKU2lnbmVkLW9mZi1ieTogQm9kbyBTdHJvZXNz ZXIgPGJzdHJvZXNzZXJAdHMuZnVqaXRzdS5jb20+Ci0tLQoKLS0tIG5mcy11dGlscy0xLjMu MS9zdXBwb3J0L25mcy9zdmNfY3JlYXRlLmMJMjAxNC0xMC0wOSAxMjowOToxNS4wMDAwMDAw MDAgKzAyMDAKKysrIG5mcy11dGlscy0xLjMuMS9zdXBwb3J0L25mcy9zdmNfY3JlYXRlLmMJ MjAxNC0xMC0wOSAxMjoxMzozMi4wMDAwMDAwMDAgKzAyMDAKQEAgLTQ5LDYgKzQ5LDggQEAK IAogI2lmZGVmIEhBVkVfTElCVElSUEMKIAorI2luY2x1ZGUgPHJwYy9ycGNfY29tLmg+CisK ICNkZWZpbmUgU1ZDX0NSRUFURV9YUFJUX0NBQ0hFX1NJWkUJKDgpCiBzdGF0aWMgU1ZDWFBS VCAqc3ZjX2NyZWF0ZV94cHJ0X2NhY2hlW1NWQ19DUkVBVEVfWFBSVF9DQUNIRV9TSVpFXSA9 IHsgTlVMTCwgfTsKIApAQCAtNDAxLDYgKzQwMyw3IEBACiAJY29uc3Qgc3RydWN0IHNpZ2Fj dGlvbiBjcmVhdGVfc2lnYWN0aW9uID0gewogCQkuc2FfaGFuZGxlcgk9IFNJR19JR04sCiAJ fTsKKwlpbnQgbWF4cmVjID0gUlBDX01BWERBVEFTSVpFOwogCXVuc2lnbmVkIGludCB2aXNp YmxlLCB1cCwgc2VydnBvcnQ7CiAJc3RydWN0IG5ldGNvbmZpZyAqbmNvbmY7CiAJdm9pZCAq aGFuZGxlcDsKQEAgLTQxMiw2ICs0MTUsMjAgQEAKIAkgKi8KIAkodm9pZClzaWdhY3Rpb24o U0lHUElQRSwgJmNyZWF0ZV9zaWdhY3Rpb24sIE5VTEwpOwogCisJLyoKKwkgKiBTZXR0aW5n IE1BWFJFQyBhbHNvIGVuYWJsZXMgbm9uLWJsb2NraW5nIG1vZGUgZm9yIHRjcCBjb25uZWN0 aW9ucy4KKwkgKiBUaGlzIGF2b2lkcyBET1MgYXR0YWNrcyBieSBhIGNsaWVudCBzZW5kaW5n IG1hbnkgcmVxdWVzdHMgYnV0IG5ldmVyCisJICogcmVhZGluZyB0aGUgcmVwbHk6CisJICog LSBpZiBhIHNlY29uZCByZXF1ZXN0IGFscmVhZHkgaXMgcHJlc2VudCBmb3IgcmVhZGluZyBp biB0aGUgc29ja2V0LAorCSAqICAgYWZ0ZXIgdGhlIGZpcnN0IHJlcXVlc3QganVzdCB3YXMg cmVhZCwgbGlidGlycGMgd2lsbCBicmVhayB0aGUKKwkgKiAgIGNvbm5lY3Rpb24uIFRodXMg YW4gYXR0YWNrZXIgY2FuJ3Qgc2ltcGx5IHNlbmQgcmVxdWVzdHMgYXMgZmFzdCBhcworCSAq ICAgaGUgY2FuIHdpdGhvdXQgd2FpdGluZyBmb3IgdGhlIHJlc3BvbnNlLgorCSAqIC0gaWYg dGhlIHdyaXRlIGJ1ZmZlciBvZiB0aGUgc29ja2V0IGlzIGZ1bGwsIHRoZSBuZXh0IHdyaXRl KCkgd2lsbAorCSAqICAgZmFpbCB3aXRoIEVBR0FJTi4gbGlidGlycGMgd2lsbCByZXRyeSB0 aGUgd3JpdGUgaW4gYSBsb29wIGZvciBtYXguCisJICogICAyIHNlY29uZHMuIElmIHdyaXRl IHN0aWxsIGZhaWxzLCB0aGUgY29ubmVjdGlvbiB3aWxsIGJlIGNsb3NlZC4KKwkgKi8gICAK KwlycGNfY29udHJvbChSUENfU1ZDX0NPTk5NQVhSRUNfU0VULCAmbWF4cmVjKTsKKwogCWhh bmRsZXAgPSBzZXRuZXRjb25maWcoKTsKIAlpZiAoaGFuZGxlcCA9PSBOVUxMKSB7CiAJCXhs b2coTF9FUlJPUiwgIkZhaWxlZCB0byBhY2Nlc3MgbG9jYWwgbmV0Y29uZmlnIGRhdGFiYXNl OiAlcyIsCg== ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-11-06 19:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <61eb00$5diu20@dgate20u.abg.fsc.net>
2014-11-05 22:35 ` [nfs-utils] [PATCH 3/3] rpc.mountd: set libtirpc nonblocking mode to avoid DOS NeilBrown
2014-11-06 19:54 ` Strösser, Bodo
2014-11-05 20:24 bstroesser
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox