Re: [PATCH] new UDPCP Communication Protocol

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Jesper Juhl

Subject: Re: [PATCH] new UDPCP Communication Protocol

Date: Sunday, January 2, 2011 - 4:04 pm

On Sun, 2 Jan 2011, Stefani Seibold wrote:

quoted text> Am Sonntag, den 02.01.2011, 23:49 +0100 schrieb Eric Dumazet:
> > Le dimanche 02 janvier 2011 à 23:39 +0100, stefani@seibold.net a écrit :
> > > +
> > > +/*
> > > + * Create a new destination descriptor for the given IPV4 address and port
> > > + */
> > > +static struct udpcp_dest *new_dest(struct sock *sk, __be32 addr, __be16 port)
> > > +{
> > > +	struct udpcp_dest *dest;
> > > +	struct udpcp_sock *usk = udpcp_sk(sk);
> > > +
> > > +	if (usk->connections >= udpcp_max_connections)
> > > +		return NULL;
> > > +
> > > +	dest = kzalloc(sizeof(*dest), sk->sk_allocation);
> > > +
> > > +	if (dest) {
> > > +		usk->connections++;
> > > +		skb_queue_head_init(&dest->xmit);
> > > +		dest->addr = addr;
> > > +		dest->port = port;
> > > +		dest->ackmode = UDPCP_ACK;
> > > +		list_add_tail(&dest->list, &usk->destlist);
> > > +	}
> > > +
> > > +	return dest;
> > > +}
> > > +
> > 
> > Hmm, so 'connections' is increased, never decreased.
> > 
> > This seems a fatal flaw in this protocol, since a malicious user can
> > easily fill the list with garbage, and block regular communications.
> 
> You are right, there is now way to detect which connection is no longer
> needed. I have not designed this protocol, so i cannot fix it. 
> 
> But in our environment this will be used together with an firewall
> and/or ipsec. In this case it it safe.
> 

Hmm, the first thing that springs into my head as a possible band-aid 
(which is probbaly wrong for many reasons I've not considered, so feel 
free to shoot it down) is; couldn't we use a timer (set to some outrageous 
high value by default and admin tunable) that would decrement 
'connections' (discount dead connections) when there has not been any 
acctivity for a huge period of time? Kill off connections that have been 
idle for ages.

Not perfect, but that would at least let the system recover after a while 
if a malicious client did something nasty with many connections...


-- 
Jesper Juhl <jj@chaosbits.net>            http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] new UDPCP Communication Protocol, stefani, (Sun Jan 2, 3:39 pm)

Re: [PATCH] new UDPCP Communication Protocol, Eric Dumazet, (Sun Jan 2, 3:49 pm)

Re: [PATCH] new UDPCP Communication Protocol, Stefani Seibold, (Sun Jan 2, 3:55 pm)

Re: [PATCH] new UDPCP Communication Protocol, Jesper Juhl, (Sun Jan 2, 4:04 pm)

Re: [PATCH] new UDPCP Communication Protocol, Stefani Seibold, (Mon Jan 3, 2:08 am)

Re: [PATCH] new UDPCP Communication Protocol, Eric Dumazet, (Mon Jan 3, 2:27 am)

Re: [PATCH] new UDPCP Communication Protocol, Stefani Seibold, (Mon Jan 3, 2:54 am)

Re: [PATCH] new UDPCP Communication Protocol, Eric Dumazet, (Mon Jan 3, 3:39 am)

Re: [PATCH] new UDPCP Communication Protocol, Stefani Seibold, (Mon Jan 3, 7:08 am)

Navigation

Popular discussions


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Linus Torvalds	Linux 2.6.34-rc4
Colin Cross	[PATCH 12/21] ARM: tegra: Add suspend and hotplug support
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
git:
Ralf Wildenhues	[PATCH] Fix typos in the documentation
Len Brown	Re: fatal: unable to create '.git/index': File exists
Denis Bueno	Git clone error
Paolo Bonzini	Re: [RFC/PATCH 5/6] revert: add --ff option to allow fast forward when cherry-pick...
Sam Vilain	Re: RFC: Flat directory for notes, or fan-out? Both!
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	V4L/DVB: gspca - sonixj: Adjust minor values of sensor ov7630. - set the color ga...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
Sam Fourman Jr.	Re: Help with Altell PC6700
linux-netdev:
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Kurt Van Dijck	Re: [PATCH net-next-2.6 1/2] can: add driver for Softing card
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
David Miller	Re: [PATCH v2] net: typos in comments in include/linux/igmp.h

Colocation donated by:

Syndicate