Received SACK options are managed by a linked list at the TCP socket. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	bluhm <bluhm@openbsd.org>	2019-07-10 18:45:31 +0000
committer	bluhm <bluhm@openbsd.org>	2019-07-10 18:45:31 +0000
commit	ed8fdce754a5d8d14c09e989d8877707bd43906f (patch)
tree	6bb6e44679fa049006e3344a12898e6ba7578beb /usr.bin/mandoc/manpath.c
parent	Make read/write of the f_offset field belonging to struct file MP-safe; (diff)
download	wireguard-openbsd-ed8fdce754a5d8d14c09e989d8877707bd43906f.tar.xz wireguard-openbsd-ed8fdce754a5d8d14c09e989d8877707bd43906f.zip

Received SACK options are managed by a linked list at the TCP socket.

There is a global tunable limit net.inet.tcp.sackholelimit, default is 32768. If an attacker manages to attach all these sack holes to a few TCP connections, the lists may grow long. Traversing them might cause higher CPU consumption on the victim machine. In practice such a situation is hard to create as the TCP retransmit and 2*msl timer flush the list periodically. For additional protection, enforce a per connection limit of 128 SACK holes in the list. reported by Reuven Plevinsky and Tal Vainshtein discussed with claudio@ and procter@; OK deraadt@

Diffstat (limited to 'usr.bin/mandoc/manpath.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: