Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 Jan 2000 18:47:27 -0800
From:      gdonl@tsc.tdk.com (Don Lewis)
To:        Wes Peters <wes@softweyr.com>, Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Matthew Dillon <dillon@apollo.backplane.com>, Alfred Perlstein <bright@wintelcom.net>, Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject:   Re: stream.c worst-case kernel paths
Message-ID:  <200001220247.SAA15469@salsa.gv.tsc.tdk.com>
In-Reply-To: Wes Peters <wes@softweyr.com> "Re: stream.c worst-case kernel paths" (Jan 21,  7:19pm)
next in thread | previous in thread | raw e-mail | index | archive | help 
On Jan 21,  7:19pm, Wes Peters wrote:
} Subject: Re: stream.c worst-case kernel paths
} Poul-Henning Kamp wrote:
} > 
} > In message <200001212311.PAA64559@apollo.backplane.com>, Matthew Dillon writes:
} > 
} > >    No, this is far too dangerous.  If a packet is bad due to being
} > >    corrupted then you want to throw it away (via the checksum check)
} > >    *BEFORE* you start messing around with the socket state.  Otherwise
} > >    a perfectly legitimate packet that got corrupted in transit may
} > >    cause a disconnect or other failure.
} > 
} > It makes a lot of sense to do cheap (relative to the checksum)
} > checks on the packet before we do the checksum, as long as we
} > don't modify any state before the checksum is validated.
} > 
} > If it is cheaper to try to locate the pcb, than to calculate the
} > checksum, the locate the pcb first and drop the packet before
} > doing the checksum.
} 
} Except you may get a false match on a garbled packet, that just happened
} to get garbled to match a different connection.  The checksum is done
} first to avoid such situations.  Until the packet has been verified good,
} none of the data in it can be trusted.

It shouldn't matter if you skip the checksum on any path that doesn't
affect the connection state and does a "goto drop".

This really doesn't matter, though, if the machine is configured with
enough CPU to handle valid packets at wire speed.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001220247.SAA15469>