Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 May 2009 14:38:16 -0700
From:      Juli Mallett <jmallett@FreeBSD.org>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r192463 - head/sys/fs/nfsserver
Message-ID:  <eaa228be0905201438w3f380f82x8367076ba814375e@mail.gmail.com>
In-Reply-To: <Pine.GSO.4.63.0905201730140.20113@muncher.cs.uoguelph.ca>
References:  <200905201858.n4KIw7Fc040619@svn.freebsd.org> <eaa228be0905201229m2fcd024t58c29206776e0a30@mail.gmail.com>  <Pine.GSO.4.63.0905201730140.20113@muncher.cs.uoguelph.ca>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 20, 2009 at 2:36 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> On Wed, 20 May 2009, Juli Mallett wrote:
>
>> When client ids have been run out of, does that put something into a
>> dangerous state (insecure or crash-prone)? =A0Isn't it better to let the
>> administrator make the decision of when to reboot the machine?
>>
> Well, first off, this will "never" happen in practice. the clientid
> generator is a 32bit unsigned, which means it will wrap around in 13.6
> years if there is an average rate of 10 new clientids/sec. Since a new
> clientid only typically happens once per mount (some clients might even
> do less), it seems highly unlikely that an "average rate of 10/sec"
> could happen even on the busiest server with clients doing short term
> mounts. (There was talk of a client inside a web browser, but I don't
> know that it has ever been written.)

What's to prevent using this as a DoS vector?  Is it really so hard to
exhaust the server of clientids, forcing a reboot / drop to debugger?

> When the 32bit # wraps around, rebooting would be the only solution,
> since re-issuing the same clientid is verboten by the RFC.
>
> If it was something I will see happen in my lifetime, I would be more
> concerned about it.
>
> The only reason I put it in is so no one can argue I can violate the RFC.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?eaa228be0905201438w3f380f82x8367076ba814375e>