sbsize and active ftp sessions (login.conf)

Mike Tancsa mike at sentex.net
Thu May 29 10:52:38 PDT 2003


I noticed with active ftp clients (specifically IMP's .forward modification 
plugin), an sbsize of something under 32M in /etc/login.conf on the target 
server now gives

Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available.

in the ftp logs.  What is a safe value to prevent users from abusing the 
system by eating up all mbufs ? There is a local DoS if sbsize was left as 
unlimited. 
(http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=20000603234039.X17973_fw.wintelcom.net%40ns.sol.net&rnum=2&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3Dsbsize%2Bfreebsd%2Bdos)

32MB seems like an oddly large number for just a small ftp session.  This 
changed sometime between Jan 21st and Feb 15th it would seem.  Previously 
an sbzise of :sbsize=512K:\ would work just fine.  Not sure if its ftpd or 
something in the kernel ?

	---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike



More information about the freebsd-stable mailing list