Date:      Tue, 30 Apr 2002 23:07:29 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        stable@freebsd.org
Subject:   Heads Up: Accept filters fixed
Message-ID:  <20020430225620.D32402-200000@patrocles.silby.com>

Just a quick note for those of you using accept filters with a 4.4+ kernel
using the syncache:  Your accept filters are broken, and easily DoSable.

The fix (attached) has now been committed to both 5.0 and 4.5, so I
recommend doing one of two things if you're using accept filters:

1.  Stop using them.

2.  Patch or cvsup and rebuild your kernel.

Mike "Silby" Silbersack

---------- Forwarded message ----------
Date: Tue, 30 Apr 2002 20:27:35 -0700 (PDT)
From: Mike Silbersack <silby@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern uipc_socket.c uipc_socket2.c

silby       2002/04/30 20:27:35 PDT

  Modified files:        (Branch: RELENG_4)
    sys/kern             uipc_socket.c uipc_socket2.c
  Log:
  MFC:

    Make sure that sockets undergoing accept filtering are aborted in a
    LRU fashion when the listen queue fills up.  Previously, there was
    no mechanism to kick out old sockets, leading to an easy DoS of
    daemons using accept filtering.

    Revision  Changes    Path
    1.116     +1 -2      src/sys/kern/uipc_socket.c
    1.87      +7 -1      src/sys/kern/uipc_socket2.c

  Revision   Changes    Path
  1.68.2.21  +1 -2      src/sys/kern/uipc_socket.c
  1.55.2.14  +7 -1      src/sys/kern/uipc_socket2.c
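
A minimal userland model of the queue behaviour the commit log describes, added here as an illustration; it is not the attached patch and not FreeBSD kernel code. The names listenq, lq_arrive, lq_complete, client_served and QLIMIT are hypothetical, and the pre-fix case is modelled on the assumption that a full queue simply refuses new arrivals.

```c
#include <stdbool.h>
#include <string.h>

#define QLIMIT 4	/* constructed backlog limit for this model */

/* Connections still held by the accept filter, oldest at index 0. */
struct listenq {
	int  ids[QLIMIT];
	int  len;
	bool evict_oldest;	/* false: model of pre-fix, true: LRU abort */
};

static void lq_remove_at(struct listenq *q, int i)
{
	memmove(&q->ids[i], &q->ids[i + 1], (size_t)(q->len - i - 1) * sizeof(int));
	q->len--;
}

/* A new connection arrives and waits on the filter; true if it was queued. */
bool lq_arrive(struct listenq *q, int id)
{
	if (q->len >= QLIMIT) {
		if (!q->evict_oldest) return false;	/* assumption: full queue refuses */
		lq_remove_at(q, 0);	/* abort the longest-waiting connection */
	}
	q->ids[q->len++] = id;
	return true;
}

/* The connection satisfied the filter and moves on to accept(). */
bool lq_complete(struct listenq *q, int id)
{
	for (int i = 0; i < q->len; i++)
		if (q->ids[i] == id) { lq_remove_at(q, i); return true; }
	return false;	/* never queued, or already aborted */
}

/* `stuck` connections that never satisfy the filter arrive first, then
 * client 1000, which does. Returns true if client 1000 gets through. */
bool client_served(bool evict_oldest, int stuck)
{
	struct listenq q = { .evict_oldest = evict_oldest };
	for (int i = 0; i < stuck; i++)
		lq_arrive(&q, i);
	return lq_arrive(&q, 1000) && lq_complete(&q, 1000);
}
```

With eviction off, client_served() fails as soon as the stuck connections reach QLIMIT; with eviction on, the newest arrival always finds a slot and the oldest stuck connection pays for it.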
