Re: [Fwknop-discuss] Potential bug in fwknopd
Brought to you by:
mbr
From: Michael R. <mb...@ci...> - 2009-10-28 04:19:13
|
On Oct 26, 2009, Jonathan Bennett wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >When we're pushing over http, we have to make this modification. I > >don't see that fwknopd allows for that modification when checking for > >base64 only chars. Hi Jonathan, Apologies for the very long delay. > So, I finally dug deep enough into the code to discover how it's done. > - From what I can tell, I was wrong in my understanding. Fwknopd seems to > correctly parse base64 for url. Glad to hear that things appear to be working here. There are some tests in the fwknop_test.pl test suite for ensuring that URL parsing works properly, but extra validation is always good. > - From what I can tell, when fwknopd sniffs an interface using pcap, it > only sniffs once per second. When the traffic volume is much higher than > that, packets may get lost. I believe that there was a lot of traffic on > the port I was using when I was doing this testing. I disabled the sleep > command in the pcap_loop subroutine, and it started picking up every SPA > packet. > > In short, I have concluded that my problem was that I was testing on a > heavily used port, and fwknopd was dropping packets because of the heavy > use. > > Is this a bug or a feature? It takes more processor time when it doesn't > sleep between loops, but I would like to always grab the SPA packets. That is a good point. The default bpf statement restricts fwknopd to look at UDP packets to port 62201, and not much traffic is expected there so the sleep helps to ensure that someone cannot force high CPU utilization just by sending a lot of packet data at that port. Also, there is some buffering via the kernel/libpcap such that when fwknopd is sleeping it will process some packets that were received during the sleep. (You can see this by increasing the sleep and then sending two packets at fwknopd during the sleep - both will be processed.) I'm not sure how many packets are buffered, and clearly if you are running fwknopd against a port with a lot of traffic then this sleep will eventually force fwknopd to drop packets. At the very least, this should be configurable so that no sleep is required. I will add this. Thanks, --Mike > Thanks, > Jonathan Bennett > incomsystems.biz > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkrmcZUACgkQhFXk1UR7WbdvbQCfRDMCzNUG6Cf1FFCmSuHvfD0z > GZUAn2HiEhYelg4zmsMzIQB8rziysjMQ > =9d39 > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Fwknop-discuss mailing list > Fwk...@li... > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss |