[ovs-dev] [PATCH] cfm: No longer keep track of bad remote MPs and MAIDS.

Ben Pfaff blp at nicira.com
Mon Mar 28 20:24:38 UTC 2011


On Mon, Mar 28, 2011 at 01:20:02PM -0700, Ethan Jackson wrote:
> Ben pointed out that an attacker could cause OVS to use infinite
> memory by sending a series of CCMs with different MAIDs.  Each
> message would cause a remote_maid to be allocated and stored for
> several seconds.
> 
> Since Commit 1c2e2d2fc8 (cfm: Don't report unexpected remote
> endpoints) no longer reports unexpected remote MAIDS and MPs in the
> database, the only reason to keep track of this information is for
> debugging purposes.  In my judgment, it provides negligible useful
> debugging information at the expense of significantly increased
> code complexity.  This commit rips it out entirely.

Looks good to me!

If you want to retain at least a little of the debuggability, without
the code complexity and memory cost, you could log invalid MAIDs and
MPs with a suitable rate limit.

Thank you.
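
Added example, not part of this thread or of the Open vSwitch code: a fixed-size token bucket that logs unexpected MAIDs at a bounded rate instead of allocating an entry per MAID, which is the trade-off suggested in the reply above. `struct bucket`, `bucket_allow`, `log_bad_maid` and `simulate_flood` are hypothetical names, and the flood of CCMs is constructed input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Token bucket.  Its size is fixed no matter how many MAIDs are seen. */
struct bucket {
    unsigned int rate_per_sec, burst, tokens;
    long long last_fill_ms, dropped;    /* dropped: suppressed since last log. */
};

static bool bucket_allow(struct bucket *b, long long now_ms)
{
    long long secs = (now_ms - b->last_fill_ms) / 1000;
    if (secs > 0) {
        long long t = b->tokens + secs * b->rate_per_sec;
        b->tokens = t > b->burst ? b->burst : (unsigned int) t;
        b->last_fill_ms += secs * 1000;
    }
    if (!b->tokens) { b->dropped++; return false; }
    b->tokens--;
    return true;
}

/* Logs an unexpected MAID if allowed, else only counts it.  No per-MAID state. */
static bool log_bad_maid(struct bucket *b, const uint8_t *maid, long long now_ms)
{
    if (!bucket_allow(b, now_ms)) { return false; }
    fprintf(stderr, "cfm: bad MAID %02x%02x%02x%02x.. (%lld suppressed)\n",
            maid[0], maid[1], maid[2], maid[3], b->dropped);
    b->dropped = 0;
    return true;
}

/* Constructed input: n CCMs with distinct MAIDs, gap_ms apart; returns lines logged. */
static unsigned int simulate_flood(struct bucket *b, unsigned int n, long long gap_ms)
{
    unsigned int logged = 0;
    uint8_t maid[48] = {0};             /* The CCM MAID field is 48 bytes. */
    for (unsigned int i = 0; i < n; i++) {
        for (int k = 0; k < 4; k++) { maid[k] = (uint8_t) (i >> (24 - 8 * k)); }
        logged += log_bad_maid(b, maid, i * gap_ms);
    }
    return logged;
}

int main(void)
{
    struct bucket b = { 1, 5, 5, 0, 0 };    /* 1 message/s, burst of 5. */
    printf("logged %u of 100000 CCMs\n", simulate_flood(&b, 100000, 1));
}
```

With 100000 distinct MAIDs arriving 1 ms apart, the only state that grows is the `dropped` counter; the number of log lines is bounded by the burst plus one per elapsed second.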


