IETF Logo Mail Archive

[tcpm] [Fwd: Re: On the implementation of TCP urgent data (IETF Internet Draft)]

Fernando Gont <fernando@gont.com.ar> Sat, 28 February 2009 20:34 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C66AE28C15D for <tcpm@core3.amsl.com>; Sat, 28 Feb 2009 12:34:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.518
X-Spam-Level:
X-Spam-Status: No, score=-2.518 tagged_above=-999 required=5 tests=[AWL=1.081, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9O8KsoNxKiGk for <tcpm@core3.amsl.com>; Sat, 28 Feb 2009 12:34:17 -0800 (PST)
Received: from smtp1.xmundo.net (smtp1.xmundo.net [201.216.232.80]) by core3.amsl.com (Postfix) with ESMTP id 67FE928C14C for <tcpm@ietf.org>; Sat, 28 Feb 2009 12:34:16 -0800 (PST)
Received: from venus.xmundo.net (venus.xmundo.net [201.216.232.56]) by smtp1.xmundo.net (Postfix) with ESMTP id 577146B6662 for <tcpm@ietf.org>; Sat, 28 Feb 2009 17:34:42 -0300 (ART)
Received: from [192.168.1.115] (91-130-17-190.fibertel.com.ar [190.17.130.91]) (authenticated bits=0) by venus.xmundo.net (8.14.1/8.14.1) with ESMTP id n1SKYPL8023808; Sat, 28 Feb 2009 18:34:26 -0200
Message-ID: <49A99FD9.9030203@gont.com.ar>
Date: Sat, 28 Feb 2009 18:34:33 -0200
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: tcpm@ietf.org
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by milter-greylist-3.0 (venus.xmundo.net [201.216.232.56]); Sat, 28 Feb 2009 17:34:39 -0300 (ART)
Subject: [tcpm] [Fwd: Re: On the implementation of TCP urgent data (IETF Internet Draft)]
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Feb 2009 20:34:18 -0000

Hello, folks,

FYI.

-------- Original Message --------
Subject: Re: On the implementation of TCP urgent data (IETF Internet Draft)
Date: Fri, 27 Feb 2009 18:13:11 -0500
From: Bill Squier <groo@old-ones.com>
To: christos@zoulas.com (Christos Zoulas)
CC: Fernando Gont <fernando@gont.com.ar>, groo@netbsd.org,        James
Chacon <jmc@netbsd.org>, Jerry Leichter <leichter@lrw.com>,
tcpm@ietf.org
References: <20090227222910.4AAF55654E@rebar.astron.com>


On Feb 27, 2009, at 5:29 PM, Christos Zoulas wrote:

> In article <49A83600.9090807@gont.com.ar> you write:
>> Hello, folks,
>>
>> We have published a revision of our IETF Internet-Draft entitled  
>> "On the
>> implementation of TCP urgent data". The document is available at:
>> http://tools.ietf.org/id/draft-gont-tcpm-urgent-data-01.txt (you can
>> also get the document in other fancy formats, such as PDF, at
>> http://www.gont.com.ar/drafts).
>>
>> This document describes current issues relevant to the implementation
>> and use of TCP urgent data, aims to change the IETF specifications so
>> that they accommodate what virtually all implementations have been  
>> doing
>> wrt urgent data.
>>
>> The TCPM working group of the IETF is currently deciding whether to
>> adopt this document as a working group item, so that your input  
>> will be
>> very much appreciated.
>>
>> To voice your opinion, please send it to tcpm@ietf.org, and CC me
>> (fernando@gont.com.ar), so that I make sure that your post makes it  
>> to
>> the mailing-list, even if you are not subscribed to it.  
>> (Alternatively,
>> you can send me your input, and I could forward it to the tcpm@ietf.org
>> mailing-list).
>
> The behavior on Windows is more complex than this. I think that it  
> maintains
> much more data than a single byte and this can lead to resource  
> exhaustion.
> This behavior is used and required to be present by SQL Server, so  
> Microsoft
> is unwilling to change it. Bill Squier <groo@netbsd.org> discovered  
> this and
> can provide you with details.

I haven't had time to read the article completely, but I did skim the
Windows section, and Christos is correct.  Windows exhausts a non-
paged fixed size pool of kernel memory (leading to a crash) whenever
the receiver does not drain OOB data.  Thus, any Windows TCP receiver
which does not expect OOB data is an avenue of attack.  For example,
the NetBIOS listener.  I refer here to Windows versions <= XP.  I have
not performed any testing on Vista and later.  Microsoft has been
aware of this issue for years.  Jerry and James can speak to whether
they have ever addressed it.

Further, I noticed that some of your analysis discusses OOB data
bleeding in-line.  This is almost certainly caused by an interaction
(on the _sender_) of Nagle and the fact that TCP defines only a single
OOB pointer.  The receiver is not returning bytes which it knows to be
OOB bytes inline, the _sender_ is accidentally placing more than a
single byte of OOB in each packet that it sends.

The receiver has no way to know that, as the only means of
communication about OOB data between sender and receiver is a single
pointer.

I have added James and Jerry to this thread as well.

[note to tcpm@ietf.org; we are not subscribers, please preserve the
cc: if you wish to solicit our feedback]

-wps


-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email