DoS na router/stanici malymi datagramy (2.4.21-15.0.3.EL aka RHEL3)

[Dalibor Straka]

On Thu, Jul 08, 2004 at 02:50:23PM +0200, Milan Keršláger wrote:
> Dobry den,
> 
> mam router, ktery je pripojen 100Mbps linkoui (FD). Pokud nekdo zacne
> delat DoS malymi datagramy na stanici schovanou za routerem, system po
> dobu utoku zmrzne tak, ze skrz prochazi asi 5% datagramu a nelze se
> prihlasit ani nic delat na konzoli.
> 
> V dmesg pak vydim spousty radku:
> 
> eth0: Too much work at interrupt, IntrStatus=0x0001.
> 

Na to mi umirala desticka s realtekem. 

> Vymena RTL-8139 za 3C905 nepomaha.
> 

Zkuste inteli sitovku a treba to pujde samo.

U realteka jsem to vyresil nejdrive softwarove nastavenim max_interrupts_work
na 64. Je tam takovyto kousek kodu

/* Maximum events (Rx packets, etc.) to handle at each interrupt. */
 static int max_interrupt_work = 32;
 
MODULE_PARM(max_interrupt_work, "i");
 
MODULE_PARM_DESC(max_interrupt_work, 
                 "3c59x maximum events handled per interrupt");

int work_done = max_interrupt_work;
	if (--work_done < 0) {
		printk(KERN_WARNING "%s: Too much work in interrupt, status "
			"%4.4x.\n", dev->name, status);

Jinymi slovy, v driveru je built-in mechanismus, ktery zabranuje
neustalemu drzeni procesoru sitovym ovladacem behem preruseni. Coz se
muze stat na pomalych masinach s rychlou a zatizenou sitovkou (a nebo
pro denial-of-service attack). Zvysenim max_interrupt_work se ale muze
stat, ze procesor bude zanedbavat ostatni ulohy. 

Preji hezke ladeni.
-- Dalibor Straka