Netdev List
 help / color / mirror / Atom feed
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: John Heffner <johnwheffner@gmail.com>
Cc: David Miller <davem@davemloft.net>,
	Netdev <netdev@vger.kernel.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	steffen.klassert@secunet.com, fweimer@redhat.com
Subject: Re: [PATCH net-next v4 0/3] path mtu hardening patches
Date: Mon, 13 Jan 2014 21:42:53 +0100	[thread overview]
Message-ID: <20140113204253.GI6586@order.stressinduktion.org> (raw)
In-Reply-To: <CABrhC0n2AgHNQg-2nQk-sx1=k2=TvmGa+2seqoNT=XyDdz59yg@mail.gmail.com>

On Mon, Jan 13, 2014 at 02:35:31PM -0500, John Heffner wrote:
> On Mon, Jan 13, 2014 at 2:25 PM, David Miller <davem@davemloft.net> wrote:
> > From: hannes@stressinduktion.org
> > Date: Thu,  9 Jan 2014 10:01:14 +0100
> >
> >> After a lot of back and forth I want to propose these changes regarding
> >> path mtu hardening and give an outline why I think this is the best way
> >> how to proceed:
> >
> > I'm not going to fight this any more even though I still disagree with
> > these changes.  John Heffner has not provided a coherent strong
> > argument for not doing this, in fact the counter arguments were
> > extremely vague.
> >
> > I am pretty sure that now my worst fears will be realized and every
> > single distribution will not use the kernel's default, and everyone
> > will get this behavior rather than adminstrators making well informed
> > decisions about how to defend against these kind of situations when
> > enabling routing, or whether they'd even be exposed to the issue at
> > all in a particular setup.
> >
> > Such is life.

:/

> My only comment would be not to look to me as the only source of
> reason not to include this change.  I've been largely disconnected
> from Linux development for several years and don't have time to get
> into a protracted discussion on this topic.
> 
> FWIW, I still have doubts as to whether this is the best approach to
> solving the underlying problem.  I still haven't heard any reason why
> firewall rules and other administrative best practices, such as using

Because we currently cannot easily filter icmp payloads and check whether
it is in a response for a local socket or a malicious one.

> separate management and forwarding interfaces on a router, don't
> practically solve this problem.

I don't think this is practiable, especially in times of small devices
doing routing (e.g. smartphones).

> I'd also be curious to hear what
> dedicated routing operating systems do, and why I haven't heard about
> widespread fragmentation DoS attacks.

My old Cisco didn't honour those pmtu packets (at least in default
configuration) and FreeBSD only accepts pmtu information for TCP sockets
where it also verifies the sequence number. It does not react to pmtu
notifications in response to icmp or udp payloads.

Routing path does use the pmtu values on FreeBSD, though. But it is much
harder to inject path mtu packets there because, as said, they are only
accepted for tcp.

> That said, this probably won't deeply break anything, but adds yet
> more complexity in the core of the network stack...

Actually I feel a bit emberrased how these changes went in. At first I
thought they wouldn't be that much of a problem. I'll try to improve my
communiation skills and try to listen more carefully.

Thank you, David and John!

Greetings,

  Hannes

  reply	other threads:[~2014-01-13 20:42 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-09  9:01 [PATCH net-next v4 0/3] path mtu hardening patches hannes
2014-01-09  9:01 ` [PATCH net-next v4 1/3] ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing hannes
2014-01-09  9:01 ` [PATCH net-next v3 2/3] ipv6: introduce ip6_dst_mtu_forward and protect forwarding path with it hannes
2014-01-09  9:01 ` [PATCH net-next v2 3/3] ipv4: introduce hardened ip_no_pmtu_disc mode hannes
2014-01-13 19:25 ` [PATCH net-next v4 0/3] path mtu hardening patches David Miller
2014-01-13 19:35   ` John Heffner
2014-01-13 20:42     ` Hannes Frederic Sowa [this message]
2014-01-13 21:08       ` John Heffner
2014-01-13 21:28         ` Hannes Frederic Sowa
2014-01-13 21:50           ` John Heffner
2014-01-13 22:03             ` Hannes Frederic Sowa
2014-01-13 22:15               ` Hannes Frederic Sowa
2014-01-13 22:48                 ` Florian Westphal
2014-01-13 23:18                   ` Hannes Frederic Sowa
2014-01-13 22:12             ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140113204253.GI6586@order.stressinduktion.org \
    --to=hannes@stressinduktion.org \
    --cc=davem@davemloft.net \
    --cc=eric.dumazet@gmail.com \
    --cc=fweimer@redhat.com \
    --cc=johnwheffner@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=steffen.klassert@secunet.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox