Re: Kernel-DOS error in arp mechanism – no delete of incomplete arp addresses

From: richard -rw- weinberger
Date: Sat Dec 17 2011 - 08:26:07 EST


On Sat, Dec 17, 2011 at 9:27 AM, Robert Gladewitz <gladewitz@xxxxxx> wrote:
> Hello,
>
> first I have to say sorry for my bad English. I try my best to describe the
> error.
>
> I use Linux routers for internal and external firewall components. For this
> I use my own kernel configurations and use only the drivers and modules that I
> need. Other features and modules I deactivated in my kernel versions.
>
> Since kernel version 2.6.36 there is some mistake in the ipv4 arp
> implementation. When the system tries to find an unknown system, it sends a
> "who is" and marks the ip address as "incomplete" (German: unvollständig).
> The thing is, usually linux deletes all incomplete and complete entries after
> some time, but in all kernel versions since 2.6.36 it does not delete any
> addresses.
>
> In my case, I scan my network segments for new devices (Kaspersky, LANDesk)
> and in this process the router learned a lot of incomplete addresses. I
> have some class B networks (from history), and this means the router
> will learn more than 2^16 addresses.
>
> Now the kernel learns a maximum number of addresses – I know this is defined by
> gc_thresh1, gc_thresh2 and gc_thresh3 in the proc system under
> sys.net.ipv4.neigh.default. If the table has the maximum number of addresses
> (default=1024), no new host can send traffic packets over this router.
> This means we have a classical risk of DOS. In my case I have only an
> internal risk, but some providers may also have an external risk.
>
> I hope my description helps you to find this error. I am also sending my kernel
> config; maybe there is some relation to small configurations in the kernel.
>
> Kind regards
>
> Robert Gladewitz
>

CC'ing netdev.

--
Thanks,
//richard
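As an added example (not code from this thread or from the kernel), a small shell check for the condition Robert describes: it counts INCOMPLETE and FAILED entries in the IPv4 neighbour table and compares the total against gc_thresh2 and gc_thresh3, so an operator can see a table filling up before new hosts stop resolving. It assumes `ip -4 neigh show` output with the NUD state as the last field, and falls back to a constructed sample table and the stock defaults (512/1024) when the live table is not readable.

```shell
#!/bin/sh
# Added example: watch the IPv4 neighbour table for the "full of INCOMPLETE
# entries" condition reported in the thread. Assumes the NUD state is the last
# field of each "ip -4 neigh show" line (e.g. "10.0.0.9 dev eth0  INCOMPLETE").

# Read one neighbour gc threshold from /proc; prints "unknown" if unavailable.
neigh_thresh() {
    cat "/proc/sys/net/ipv4/neigh/default/gc_thresh$1" 2>/dev/null || echo unknown
}

# Count entries by state in neighbour-table text on stdin.
# Output: "<total> <incomplete> <failed>"
neigh_counts() {
    awk '{ n++; if ($NF == "INCOMPLETE") i++; else if ($NF == "FAILED") f++ }
         END { printf "%d %d %d\n", n + 0, i + 0, f + 0 }'
}

# Classify occupancy: gc_thresh2 is the soft limit (forced gc), gc_thresh3 the
# hard limit above which new entries are refused. Prints ok, warning or critical.
neigh_assess() {
    total=$1; thresh2=$2; thresh3=$3
    if [ "$total" -ge "$thresh3" ]; then echo critical
    elif [ "$total" -ge "$thresh2" ]; then echo warning
    else echo ok
    fi
}

# Constructed sample (not real data): a scanned segment, mostly unresolved.
SAMPLE_NEIGH='10.0.0.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.0.2 dev eth0 lladdr 00:11:22:33:44:66 STALE
10.0.0.50 dev eth0  INCOMPLETE
10.0.0.51 dev eth0  INCOMPLETE
10.0.0.52 dev eth0  FAILED'

# Use the live table and thresholds when available, otherwise the sample.
NEIGH_SYS=/proc/sys/net/ipv4/neigh/default
if [ -r "$NEIGH_SYS/gc_thresh2" ] && [ -r "$NEIGH_SYS/gc_thresh3" ] \
   && command -v ip >/dev/null 2>&1; then
    counts=$(ip -4 neigh show 2>/dev/null | neigh_counts)
    t2=$(neigh_thresh 2); t3=$(neigh_thresh 3)
else
    counts=$(printf '%s\n' "$SAMPLE_NEIGH" | neigh_counts)
    t2=512; t3=1024   # assumed kernel defaults; 1024 matches the report
fi
set -- $counts
echo "entries=$1 incomplete=$2 failed=$3 gc_thresh2=$t2 gc_thresh3=$t3 state=$(neigh_assess "$1" "$t2" "$t3")"
```

A persistent "critical" reading with most entries INCOMPLETE is the symptom described above; raising gc_thresh* only buys time, and the count of unresolved entries per interface is the number worth alerting on.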
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/