You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello.
Please correct me if I am missing something, but I want to bring your attention to this issue in case it hasn't been accounted for yet.
As UDP packets can easily be spoofed to be seemingly coming from tons of random sources, every such malicious packet would contribute to filling up the ActiveConnections HashMap and could eventually lead to a DoS. This has been exploited in other UDP game servers.
The server-side solution, typically, is a UDP equivalent of SYN cookies: A packet is not acknowledged unless it contains a cookie, which the client requests from the server upon connection. The cookie is generated statelessly based on the SocketAddr and a secret seed, so that no allocations are necessary.
Unfortunately, the laminar API currently does not allow for this mechanism. Maintaining a list of connections this early into the packet parsing process also seems like a source of contention for servers which might want to use SO_REUSEPORT to accept packets on multiple threads.
The text was updated successfully, but these errors were encountered:
You make a good point. We definitely need to consider options for fixing this attack vector. There is another ticket that has already floated the idea of a handshake which could be a possible way to solve that problem.
However, I'm less worried about the SO_REUSEPORT case because laminar is not designed to work in a multi-threaded capacity at this moment. Also, realistically speaking, even if we rework it to be multi-thread friendly, SO_REUSEPORT was implemented as a way to handle load at google scale. https://lwn.net/Articles/542629/. I suspect it's a bit of an unnecessary optimization.
Hello.
Please correct me if I am missing something, but I want to bring your attention to this issue in case it hasn't been accounted for yet.
As UDP packets can easily be spoofed to be seemingly coming from tons of random sources, every such malicious packet would contribute to filling up the
ActiveConnections
HashMap and could eventually lead to a DoS. This has been exploited in other UDP game servers.The server-side solution, typically, is a UDP equivalent of SYN cookies: A packet is not acknowledged unless it contains a cookie, which the client requests from the server upon connection. The cookie is generated statelessly based on the SocketAddr and a secret seed, so that no allocations are necessary.
Unfortunately, the laminar API currently does not allow for this mechanism. Maintaining a list of connections this early into the packet parsing process also seems like a source of contention for servers which might want to use
SO_REUSEPORT
to accept packets on multiple threads.The text was updated successfully, but these errors were encountered: