UDP catchall

Matus Harvan mharvan at inf.ethz.ch
Wed Oct 31 14:51:42 PDT 2007


On Sat, Oct 27, 2007 at 04:21:23AM +0100, Bruce M. Simpson wrote:
> Matus Harvan wrote:
>> Hi,
>> 
>> I was wondering if I could get some feedback about the patch and
>> whether others think it could be committed.
>>   
> 
> The UDP catchall patch as submitted here clashes with the blackhole 
> functionality, and also bypasses the update of the protocol statistics and 
> unreachable port rate limiting. It is not yet suitable for a production 
> kernel.

I do not see how it clashes with the blackhole functionality. If
catchall is enabled then a UDP packet destined for a port which is not
used by any other UDP socket is passed to rip_input() and would show
up on the raw socket. This happens irrespective of the blackhole
functionality being enabled or not.

I think the protocol statistics for UDP are updated. Which one is
missing?

The catchall feature has its own rate limit, catchallr. This is
different from the unreachable port rate limit. Hence, I don't see a
problem in bypassing the unreachable port rate limiting.

> It probably shouldn't trigger the log_in_vain message, however that log 
> message is misleading anyway (the reception of UDP datagrams destined for 
> unbound ports is not a 'connection attempt').

I think the log_in_vain message is triggered only if the packet is not
passed to the raw socket, i.e., if catchalllim is exhausted. Then the
normal way for processing the packet is followed. Is this what you
meant by triggering the log_in_vain message?

Matus