Re: PROBLEM: DoS Attack on Fragment Cache

From: Eric Dumazet
Date: Mon Apr 19 2021 - 05:43:34 EST


On Sun, Apr 18, 2021 at 4:31 PM Matt Corallo
<netdev-list@xxxxxxxxxxxxxxx> wrote:
>
> Should the default, though, be so low? If someone is still using an old modem they can crank up the sysctl, it does seem
> like such things are pretty rare these days :). It's rather trivial to, without any kind of attack, hit 1Mbps of lost
> fragments in today's networks, at which point all fragments are dropped. After all, I submitted the patch to "scratch my
> own itch" :).

Again, even if you increase the values by 1000x, it is trivial for an
attacker to use all the memory you allowed.

And allowing a significant portion of memory to be eaten like that
might cause OOM on hosts where jobs are consuming all physical memory.

It is a sysctl, I changed things so that one could really reserve/use
16GB of memory if she/he is desperate about frags.

>
> Matt
>
> On 4/18/21 00:39, Willy Tarreau wrote:
> > I do agree that we shouldn't keep them that long nowadays, we can't go
> > too low without risking breaking some slow transmission stacks (SLIP/PPP
> > over modems for example).
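A toy model of the reassembly cache's memory accounting, added here as an example and not code from the thread or from the kernel: it assumes a cache that refuses new fragments once a high-water mark is reached (the role of net.ipv4.ipfrag_high_thresh) and frees incomplete datagrams after a fixed timeout (net.ipv4.ipfrag_time); the 4 MiB and 30 s values used below are assumed defaults for the model. It shows both sides of the argument: a background of lost fragments at 1 Mbps sits just under a 4 MiB mark, while 2 Mbps saturates it and starves legitimate reassembly, and raising the mark to 16 GiB only buys seconds against a fast sender.

```python
"""Toy fragment-cache model (added example; thresholds are assumed, see above)."""
from collections import deque

def steady_state_bytes(junk_bps, timeout_s):
    """Memory held by never-completing fragments arriving at junk_bps (Little's law)."""
    return junk_bps * timeout_s / 8

def fill_time(high_thresh_bytes, junk_bps):
    """Seconds for a sender at junk_bps to reach the high-water mark from empty."""
    return high_thresh_bytes * 8 / junk_bps

def simulate(high_thresh, timeout, junk_bps, frag_bytes, duration,
             legit_period, legit_frags):
    """Return (completed, attempted) legitimate datagrams.

    Junk fragments (datagrams that never complete) arrive at junk_bps and are
    admitted only while used + frag_bytes <= high_thresh; each is freed after
    `timeout` seconds. Every legit_period seconds a legitimate datagram of
    legit_frags fragments arrives at once and completes only if it fits.
    """
    used = 0
    pending = deque()            # (expiry_time, bytes), FIFO since timeout is constant
    junk_interval = frag_bytes * 8 / junk_bps
    t_junk = t_legit = 0.0
    attempted = completed = 0
    while True:
        t = min(t_junk, t_legit)
        if t >= duration:
            break
        while pending and pending[0][0] <= t:   # reclaim timed-out queues
            used -= pending.popleft()[1]
        if t_junk <= t_legit:
            if used + frag_bytes <= high_thresh:
                used += frag_bytes
                pending.append((t + timeout, frag_bytes))
            t_junk += junk_interval
        else:
            attempted += 1
            if used + legit_frags * frag_bytes <= high_thresh:
                completed += 1               # all fragments present, freed at once
            t_legit += legit_period
    return completed, attempted

if __name__ == "__main__":
    MiB, GiB = 1 << 20, 1 << 30
    for bps in (1e6, 2e6):
        print(bps, simulate(4 * MiB, 30, bps, 1500, 60, 1, 2))
    print("fill 16 GiB at 10 Gb/s:", fill_time(16 * GiB, 10e9), "s")
```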