From: Stefani Seibold <stefani@seibold.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: linux-kernel@vger.kernel.org, akpm@linux-foundation.org,
davem@davemloft.net, netdev@vger.kernel.org,
shemminger@vyatta.com, jj@chaosbits.net, daniel.baluta@gmail.com,
jochen@jochen.org
Subject: Re: [PATCH] new UDPCP Communication Protocol
Date: Sun, 02 Jan 2011 23:55:17 +0100 [thread overview]
Message-ID: <1294008917.18963.3.camel@wall-e> (raw)
In-Reply-To: <1294008562.2535.263.camel@edumazet-laptop>
Am Sonntag, den 02.01.2011, 23:49 +0100 schrieb Eric Dumazet:
> Le dimanche 02 janvier 2011 à 23:39 +0100, stefani@seibold.net a écrit :
> > +
> > +/*
> > + * Create a new destination descriptor for the given IPV4 address and port
> > + */
> > +static struct udpcp_dest *new_dest(struct sock *sk, __be32 addr, __be16 port)
> > +{
> > + struct udpcp_dest *dest;
> > + struct udpcp_sock *usk = udpcp_sk(sk);
> > +
> > + if (usk->connections >= udpcp_max_connections)
> > + return NULL;
> > +
> > + dest = kzalloc(sizeof(*dest), sk->sk_allocation);
> > +
> > + if (dest) {
> > + usk->connections++;
> > + skb_queue_head_init(&dest->xmit);
> > + dest->addr = addr;
> > + dest->port = port;
> > + dest->ackmode = UDPCP_ACK;
> > + list_add_tail(&dest->list, &usk->destlist);
> > + }
> > +
> > + return dest;
> > +}
> > +
>
> Hmm, so 'connections' is increased, never decreased.
>
> This seems a fatal flaw in this protocol, since a malicious user can
> easily fill the list with garbage, and block regular communications.
You are right, there is now way to detect which connection is no longer
needed. I have not designed this protocol, so i cannot fix it.
But in our environment this will be used together with an firewall
and/or ipsec. In this case it it safe.
next prev parent reply other threads:[~2011-01-02 22:55 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-02 22:39 [PATCH] new UDPCP Communication Protocol stefani
2011-01-02 22:49 ` Eric Dumazet
2011-01-02 22:55 ` Stefani Seibold [this message]
2011-01-02 23:04 ` Jesper Juhl
2011-01-03 9:08 ` Stefani Seibold
2011-01-03 9:27 ` Eric Dumazet
2011-01-03 9:54 ` Stefani Seibold
2011-01-03 10:39 ` Eric Dumazet
2011-01-03 14:08 ` Stefani Seibold
-- strict thread matches above, loose matches on Subject: below --
2011-01-11 16:48 stefani
2011-01-11 17:01 ` Eric Dumazet
2011-01-11 20:50 ` Stefani Seibold
2011-01-11 20:52 ` David Miller
2011-01-11 21:14 ` Stefani Seibold
2011-01-11 21:19 ` David Miller
2011-01-11 21:41 ` Stefani Seibold
2011-01-11 21:46 ` Eric Dumazet
2011-01-11 22:23 ` Stefani Seibold
2011-01-11 21:30 ` Eric Dumazet
2011-01-11 21:40 ` Stefani Seibold
2011-01-11 21:06 ` Eric Dumazet
2011-01-03 14:34 stefani
2011-01-02 15:31 stefani
2011-01-02 16:34 ` Eric Dumazet
2011-01-02 19:48 ` Daniel Baluta
2011-01-02 21:33 ` Stefani Seibold
2011-01-02 21:40 ` Jesper Juhl
2011-01-02 19:55 ` Jesper Juhl
2011-01-02 21:46 ` Stefani Seibold
2011-01-02 22:04 ` Jesper Juhl
2011-01-02 22:21 ` Stefani Seibold
2011-01-02 20:16 ` Rémi Denis-Courmont
2011-01-02 21:37 ` Stefani Seibold
2011-01-02 21:55 ` Eric Dumazet
2011-01-02 22:16 ` Stefani Seibold
2011-01-02 22:31 ` Eric Dumazet
2011-01-01 21:44 stefani
2011-01-01 22:23 ` Eric Dumazet
2011-01-02 11:17 ` Stefani Seibold
2011-01-02 11:33 ` Eric Dumazet
2011-01-02 11:57 ` Stefani Seibold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1294008917.18963.3.camel@wall-e \
--to=stefani@seibold.net \
--cc=akpm@linux-foundation.org \
--cc=daniel.baluta@gmail.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jj@chaosbits.net \
--cc=jochen@jochen.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=shemminger@vyatta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).