Date: Mon, 11 Nov 2002 15:20:45 -0500 (EST)
From: David Gilbert <dgilbert@velocet.ca>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/45223: Source Quench packets should not be generated by routers
Message-ID: <20021111202045.54D7456766D@canoe.velocet.net>
>Number: 45223
>Category: kern
>Synopsis: Source Quench packets should not be generated by routers
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 11 12:30:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: David Gilbert
>Release: FreeBSD 4.7-STABLE i386
>Organization:
Velocet Communications
>Environment:
System: FreeBSD canoe.velocet.net 4.7-STABLE FreeBSD 4.7-STABLE #8: Fri Nov 1 18:01:25 EST 2002 dgilbert@canoe.velocet.net:/usr/src/sys/compile/CANOE i386
AFAIK, all FreeBSD is affected by this.
>Description:
RFC 1812 says that source quench packets should not be generated by
routers. Doing so causes DOS amplification.
>How-To-Repeat:
DOS a FreeBSD router. You can see a 100M full of source quench if your
router is powerful enough.
>Fix:
--- /sys/netinet/ip_input.c Thu Oct 17 08:29:53 2002
+++ ip_input.c Mon Nov 11 15:15:31 2002
@@ -1822,9 +1822,7 @@
break;
case ENOBUFS:
- type = ICMP_SOURCEQUENCH;
- code = 0;
- break;
+ return;
case EACCES: /* ipfw denied packet */
m_freem(mcopy);
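Review bot: the `return;` added under `case ENOBUFS:` exits without releasing `mcopy`, whereas the `EACCES` case immediately below calls `m_freem(mcopy)`. If `mcopy` is still allocated when this switch is reached, every packet dropped for lack of buffers leaks an mbuf, and that happens under exactly the flood load this change is meant to survive. Suggest `m_freem(mcopy); return;` here, plus a one-line comment citing RFC 1812 so the missing Source Quench is not later mistaken for an omission.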
>Release-Note:
>Audit-Trail:
>Unformatted:
