From: David Gilbert
Date: Mon, 11 Nov 2002 15:20:47 -0500
To: freebsd-hackers@freebsd.org
Subject: forwarded message on Source Quench Packets.
Message-ID: <15824.4383.916763.477130@canoe.velocet.net>

I normally wouldn't forward something to such a big list, but this has real implications (and was part of a nasty DOS against dsl.ca last week). The patch for FreeBSD (NetBSD code is quoted) is trivial:

--- /sys/netinet/ip_input.c Thu Oct 17 08:29:53 2002 +++ ip_input.c Mon Nov 11 15:15:31 2002 
@@ -1822,9 +1822,7 @@ break; case ENOBUFS: - type = ICMP_SOURCEQUENCH; - code = 0; - break; + return; case EACCES: /* ipfw denied packet */ m_freem(mcopy);

I'm submitting a PR now. For discussion: source quenches probably shouldn't be generated anyways, but this patch also doesn't generate the source quench if we're the target machine. It's probably good to go straight ahead with this. IIRC, tcp_input.c also can generate a source quench ...
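
Review bot: the new `return;` under `case ENOBUFS:` leaves the function without releasing `mcopy`, while the `EACCES` case directly below it calls `m_freem(mcopy)` and the NetBSD code quoted in this thread does `if (mcopy) m_freem(mcopy);` before its `return;`. Unless `mcopy` is known to be freed elsewhere on this path, each packet dropped for ENOBUFS would leak an mbuf, which is the wrong failure mode for code that runs under exactly the overload this change is meant to survive. Suggest freeing the copy before returning, and carrying over a short comment that cites RFC 1812 section 4.3.3.3 so the reason Source Quench is no longer generated stays with the code.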
[forwarded message]

From: Ken Chase
To: jrichard@wiznet.ca
Cc: scopplestone@wiznet.ca, jmason@wiznet.ca, admin@velocet.ca
Subject: Re: From th Netbsd source...
Date: Mon, 11 Nov 2002 13:42:49 -0500

On Mon, Nov 11, 2002 at 02:11:42PM -0400, richard's all...
> Maybe a bit late...
> But.....
> ------snip-----
> #if 1
> /*
>  * a router should not generate ICMP_SOURCEQUENCH as
>  * required in RFC1812 Requirements for IP Version 4 Routers.
>  * source quench could be a big problem under DoS attacks,
>  * or if the underlying interface is rate-limited.
>  */

4.3.3.3 Source Quench

A router SHOULD NOT originate ICMP Source Quench messages. As specified in Section [4.3.2], a router that does originate Source Quench messages MUST be able to limit the rate at which they are generated.

DISCUSSION
Research seems to suggest that Source Quench consumes network bandwidth but is an ineffective (and unfair) antidote to congestion. See, for example, [INTERNET:9] and [INTERNET:10]. Section [5.3.6] discusses the current thinking on how routers ought to deal with overload and network congestion.

A router MAY ignore any ICMP Source Quench messages it receives.

DISCUSSION
A router itself may receive a Source Quench as the result of originating a packet sent to another router or host. Such datagrams might be, e.g., an EGP update sent to another router, or a telnet stream sent to a host. A mechanism has been proposed ([INTERNET:11], [INTERNET:12]) to make the IP layer respond directly to Source Quench by controlling the rate at which packets are sent, however, this proposal is currently experimental and not currently recommended.

INTERNET:9. A. Mankin, G. Hollingsworth, G. Reichlen, K. Thompson, R. Wilder, and R. Zahavi, "Evaluation of Internet Performance - FY89", Technical Report MTR-89W00216, MITRE Corporation, February, 1990.

INTERNET:10. G. Finn, A "Connectionless Congestion Control Algorithm", Computer Communications Review, volume 19, number 5, Association for Computing Machinery, October 1989.

/kc

> 	if (mcopy)
> 		m_freem(mcopy);
> 	return;
> #else
> 	type = ICMP_SOURCEQUENCH;
> 	code = 0;
> 	break;
> #endif
>
>
> - - - - - - - - - - - - -
> Jonathan Richards
> Tel:+1-416-876-5219
> Fax:+1-708-575-1680
> Email:jrichards@wiznet.ca

--
Ken Chase, math@velocet.ca * Velocet Communications Inc. * Toronto, CANADA

Dave.
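
An added example, not part of the original thread and not FreeBSD or NetBSD code: a user-space C model of the policy in the RFC 1812 excerpt above, where a forwarding failure with ENOBUFS never originates an ICMP message and every other ICMP error goes through a rate limit. The function names, the token-bucket limiter and its 10/s, burst-5 settings are hypothetical; the flood input is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
enum { ICMP_T_UNREACH = 3, ICMP_C_HOST = 1, ICMP_C_NEEDFRAG = 4 }; /* RFC 792, RFC 1191 */

/* Hypothetical token bucket: `burst` errors at once, refilled at `rate` per second. */
struct icmp_limiter { uint32_t rate, burst, tokens; uint64_t last_ms; };

static int limiter_allow(struct icmp_limiter *l, uint64_t now_ms)
{
    uint64_t add = (now_ms - l->last_ms) * l->rate / 1000;
    if (add > 0) {
        uint64_t t = l->tokens + add;
        l->tokens = (uint32_t)(t > l->burst ? l->burst : t);
        l->last_ms += add * 1000 / l->rate;  /* carry the unused fraction forward */
    }
    if (l->tokens == 0)
        return 0;
    l->tokens--;
    return 1;
}

/* Returns 1 and sets type/code when an ICMP error may be originated, else 0. */
static int forward_error_to_icmp(int error, struct icmp_limiter *l,
                                 uint64_t now_ms, int *type, int *code)
{
    switch (error) {
    case 0:        /* packet was forwarded, nothing to report */
    case ENOBUFS:  /* output queue full: drop silently, never Source Quench */
        return 0;
    case EMSGSIZE: *type = ICMP_T_UNREACH; *code = ICMP_C_NEEDFRAG; break;
    default:       *type = ICMP_T_UNREACH; *code = ICMP_C_HOST; break;
    }
    return limiter_allow(l, now_ms);  /* bound the rate of whatever is sent */
}

/* Constructed flood: `n` failed forwards, 1 ms apart, all with the same errno. */
static int icmp_sent_during_flood(int error, int n)
{
    struct icmp_limiter l = { 10, 5, 5, 0 };  /* sample values: 10/s, burst 5 */
    int type, code, sent = 0;
    for (int i = 0; i < n; i++)
        sent += forward_error_to_icmp(error, &l, (uint64_t)i, &type, &code);
    return sent;
}

int main(void)
{
    printf("ENOBUFS flood: %d ICMP sent\n", icmp_sent_during_flood(ENOBUFS, 10000));
    printf("EHOSTUNREACH flood: %d ICMP sent\n", icmp_sent_during_flood(EHOSTUNREACH, 10000));
    return 0;
}
```

Over the ten-second constructed flood the ENOBUFS path emits nothing, and the unreachable path emits the initial burst plus one message per refill interval instead of one per dropped packet.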