Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Send a RST when receiving a spurious TCP packet #32

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Send a RST when receiving a spurious TCP packet #32

wants to merge 2 commits into from

Conversation

hlef
Copy link
Collaborator

@hlef hlef commented Aug 13, 2024

One of the limitations of the network stack reset as it is now is that we do not close TCP connections (#31). This leads remote servers to send us retransmissions after the reset which, in the case of several consecutive resets, can result in packet flooding.

To address this limitation, we should send RST packets to remote hosts as part of the network stack reset process.

This Draft PR

This draft PR explores a solution to this problem where we send a RST packet upon receiving spurious TCP packets. As discussed with @davidchisnall this is not something we want to merge for the following reasons:

  1. We actually want the RST packets to be sent during the reset, not upon receiving the spurious retransmissions. Doing so also increases the attack surface for DoS through packet flooding.
  2. The current implementation of the checksum code is ugly because we want to reuse the FreeRTOS code-base, but have to work-around their somewhat specialized API (see the horrible memcpy).

Looking Forward

The reason why things are like this is time constraints (I did this at the end of my visit at SCI) and implementation complexity:

  1. This requires TCP/IP stack internal state (to know which connections are open). Plugging into the TCP/IP stack to retrieve this state is tricky.
  2. This requires to either change the FreeRTOS internal API upstream, or to import some separate checksum code into the network stack specifically for this purpose, which is something we should ideally avoid for memory usage reasons. @davidchisnall also mentioned that we may be able to get away with a smart way to build the final packet checksums from the known checksum value of the template, but this requires a bit of thinking.

I am not able to pick up this PR and do these changes right now, but we can just keep the draft PR around so that whoever does so can re-use some of the code.

@hlef hlef force-pushed the hlefeuvre/send-RST-reset-draft branch 2 times, most recently from cce7dd9 to 0819835 Compare August 13, 2024 20:30
hlef added 2 commits August 13, 2024 13:32
@hlef
Expose FreeRTOS+TCP checksum APIs to the firewall.
bd6e40d 
Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@scisemi.com>
(cherry picked from commit af215ef)
@hlef
Reply to spurious TCP packets with a RST.
1e43540 
Spurious TCP packets appear when the system is force-restarting due to
an error. In such a case, open TCP connections are not properly teared
down, and the remote TCP endpoint sends retransmissions to the newly
restarted system. These spurious TCP packets are problematic because
they fill packet buffers and quickly cause packet drops.

This commit enables the firewall to reply to spurious TCP packets with
TCP RST to stop the flow of spurious packets.

We do this with a TCP RST "packet template" which we pre-set at startup
and complete with MAC address, IP address, port, sequence number, and
checksum, when sending the RST.

To do this, we need to:
- add needed 32-bit `ntohs` and `htons`
- add a representation of a TCP header in the firewall compartment

Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@scisemi.com>
(cherry picked from commit ec54006)
@hlef hlef force-pushed the hlefeuvre/send-RST-reset-draft branch from 0819835 to 1e43540 Compare August 13, 2024 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hlef