[ovs-dev] [PATCH] cfm: No longer keep track of bad remote MPs and MAIDS.
Ben Pfaff
blp at nicira.com
Mon Mar 28 20:24:38 UTC 2011
On Mon, Mar 28, 2011 at 01:20:02PM -0700, Ethan Jackson wrote:
> Ben pointed out that an attacker could cause OVS to use infinite
> memory by sending a series of CCMs with different MAIDs. Each
> message would cause a remote_maid to be allocated and stored for
> several seconds.
>
> Since Commit 1c2e2d2fc8 (cfm: Don't report unexpected remote
> endpoints) no longer reports unexpected remote MAIDS and MPs in the
> database, the only reason to keep track of this information is for
> debugging purposes. In my judgment, it provides negligible useful
> debugging information at the expense of significantly increased
> code complexity. This commit rips it out entirely.
Looks good to me!
If you want to retain at least a little of the debuggability, without
the code complexity and memory cost, you could log invalid MAIDs and
MPs with a suitable rate limit.
Thank you.
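The rate-limited logging suggested in the reply above, as an added example that is not part of the original message or of the OVS code base. It is a standalone token bucket rather than OVS's vlog API; every name in it, the 48-byte MAID size, and the flood input are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAID_LEN 48 /* assumed size of the MAID field in a CCM */
/* Fixed-size state, however many distinct MAIDs arrive (names hypothetical). */
struct rate_limit {
    unsigned int per_sec, burst, tokens; /* refill rate, capacity, available */
    uint64_t last_ms;                    /* time of the last refill */
    unsigned long dropped;               /* suppressed since last log line */
};

/* Token bucket: returns 1 if a line may be logged at now_ms, else 0. */
static int rl_allow(struct rate_limit *rl, uint64_t now_ms)
{
    uint64_t add = (now_ms - rl->last_ms) * rl->per_sec / 1000;
    if (add > 0) {
        uint64_t t = rl->tokens + add;
        rl->tokens = t > rl->burst ? rl->burst : (unsigned int) t;
        rl->last_ms += add * 1000 / rl->per_sec; /* keep fractional credit */
    }
    if (rl->tokens == 0) {
        rl->dropped++;
        return 0;
    }
    rl->tokens--;
    return 1;
}

/* Logs an unexpected MAID without storing it; returns 1 if a line was written. */
static int log_bad_maid(struct rate_limit *rl, uint64_t now_ms, const uint8_t *maid)
{
    if (!rl_allow(rl, now_ms)) return 0;
    fprintf(stderr, "cfm: unexpected MAID ");
    for (int i = 0; i < MAID_LEN; i++) fprintf(stderr, "%02x", maid[i]);
    fprintf(stderr, " (%lu suppressed)\n", rl->dropped);
    rl->dropped = 0;
    return 1;
}

/* Constructed flood: n CCMs with distinct MAIDs, all arriving at now_ms. */
static unsigned int flood(struct rate_limit *rl, uint64_t now_ms, unsigned int n)
{
    uint8_t maid[MAID_LEN] = {0};
    unsigned int logged = 0;
    for (unsigned int i = 0; i < n; i++) {
        maid[0] = (uint8_t) (i >> 8);
        maid[1] = (uint8_t) i;
        logged += (unsigned int) log_bad_maid(rl, now_ms, maid);
    }
    return logged;
}
```

With a limiter initialised to one line per second and a burst of five, a flood of any size costs at most five log lines up front and no per-MAID allocation; the suppressed count in the next line records how much was dropped.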