Hi Bob--

Apologies! The text "older version" wasn't right and didn't even contribute any 
value in the context where it was used. I'm not sure how that phrase got 
included, but that mistake is definitely mine.

Thanks for the update on iperf2 activities. We've been working on adding 
multi-threading capabilities to iperf3, so that it can use multiple CPU cores 
for higher throughput testing. (Of course, iperf2 has had this ability for 
quite a while.) We've done a few public betas over the summer, with generally 
useful and favorable results. The plan is to bring this into a mainline release 
"soon".

Bruce.

If memory serves me right, Bob McMahon wrote:

> Thanks for this Bruce & to the iperf 3 team.
>
> A small correction - not sure I'd say iperf2 is an older version but rather
> another version based from the original iperf code (using those design
> patterns.) The latest version for iperf 2 is version 2.1.9 released on
> March 14, 2023. One can always compile the bleeding edge from source per
> the master branch. Those commits come in spurts but can be daily. Some new
> multicast code was committed yesterday as an example.
>
> https://sourceforge.net/projects/iperf2/
>
> Iperf 2 has new releases about once per year but the master branch is
> always current and contains the latest commits. We may release a 2.2.0
> within the next few months per new features, e.g. around working-loads and
> dual CCAs (amongst others) and bug fixes, and after our standard testing
> cycle which takes up to one month. My hope is to release 2.2.0 by the end
> of 2023.
>
> I notice a lot of open source distributions are way behind in the iperf2
> versions bundled. It may be helpful if engineers in positions to influence
> open source packagings become aware of iperf 2 and now newer versions are
> generally better both in features and bug fixes. Also the WiFi alliance
> (WFA) <https://www.wi-fi.org/> seems to be standardizing on iperf 2.1.9 for
> latency related verifications.
>
> Thanks,
> Bob
>
> On Thu, Sep 14, 2023 at 12:38 PM Bruce A. Mah <[email protected]> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> ESnet Software Security Advisory
>> ESNET-SECADV-2023-0002
>>
>> Topic:                  iperf3 Server Denial of Service
>> Issued:                 13 September 2023
>> Credits:                Jorge Sancho Larraz (Canonical)
>> Affects:                iperf-3.14 and earlier
>> Corrected:              iperf-3.15
>>
>> I.  Background
>>
>> iperf3 is a utility for testing network performance using TCP, UDP,
>> and SCTP, running over IPv4 and IPv6.  It uses a client/server model,
>> where a client and server communicate the parameters of a test,
>> coordinate the start and end of the test, and exchange results.  This
>> message exchange takes place over a TCP "control connection".
>>
>> II.  Problem Description
>>
>> The iperf3 server and client will, at various times, send data over
>> the control connection that control the parameters, start and stop of
>> a test, and result exchange. Many of these data have some expected
>> length to them (whether fixed or variable).
>>
>> It is possible for a malicious or malfunctioning client to send less
>> than the expected amount of data to the server. If this happens, the
>> server will hang indefinitely waiting for the remainder (or until the
>> connection gets closed). Because iperf3 is deliberately designed to
>> service only one client connection at a time, this will prevent other
>> connections to the iperf3 server.
>>
>> III.  Impact
>>
>> A malicious or misbehaving process can connect to an iperf3 server and
>> prevent other connections to the server indefinitely. This issue
>> mainly applies to an iperf3 server that is reachable from some
>> untrusted host or network, such as the public Internet. It might be
>> possible for a malicious iperf3 server to mount a similar attack on an
>> iperf3 client.
>>
>> iperf2, an older version of the iperf utility, uses a different model
>> of interaction between client and server, and is not affected by this
>> issue.
>>
>> IV.  Workaround
>>
>> There is no workaround for this issue, however as best practice
>> dictates, iperf3 should not be run with root privileges, to minimize
>> possible impact. Note that iperf3 was not designed to be a
>> long-running server on the public Internet.
>>
>> V.  Solution
>>
>> Update iperf3 to a version containing the fix (i.e. iperf-3.15 or
>> later).
>>
>> VI.  Correction details
>>
>> The bug causing this vulnerability has been fixed by the following
>> commit in the esnet/iperf Github repository:
>>
>> master          5e3704dd850a5df2fb2b3eafd117963d017d07b4
>>
>> All released versions of iperf3 issued on or after the date of this
>> advisory incorporate the fix.
>>
>> ESnet would like to thank Jorge Sancho Larraz (Canonical) for bringing
>> this issue to our attention.
>>
>> Security concerns with iperf3 can be submitted privately by sending an
>> email to the developers at <[email protected]>.
>> _______________________________________________
>> Iperf-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/iperf-users
>>
>

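The hang described in section II of the quoted advisory comes from a read that waits without limit for an expected number of bytes on the control connection. As an added illustration (not code from iperf3 or from the fix commit; the function names and the 4-byte length field are assumptions made for the example), a fixed-length read in C bounded by an overall deadline, so a peer that sends part of a message and then goes silent cannot hold a single-client server forever:

```c
/* Added illustration; not iperf3 code. All names here are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#define READ_TIMEOUT (-2)   /* fewer bytes than expected arrived in time */

static int64_t now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (int64_t)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Read exactly n bytes, giving up once timeout_ms has elapsed in total
 * (one deadline for the whole message, so slow trickles do not reset it).
 * Returns n on success, the short count on EOF, -1 on error, READ_TIMEOUT. */
long read_exact_deadline(int fd, void *buf, size_t n, int timeout_ms) {
    int64_t deadline = now_ms() + timeout_ms;
    size_t got = 0;
    while (got < n) {
        int64_t left = deadline - now_ms();
        if (left <= 0) return READ_TIMEOUT;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) return READ_TIMEOUT;
        ssize_t k = read(fd, (char *)buf + got, n - got);
        if (k < 0) { if (errno == EINTR) continue; return -1; }
        if (k == 0) break;               /* peer closed the connection */
        got += (size_t)k;
    }
    return (long)got;
}

/* Constructed scenario: the peer sends `sent` bytes of a 4-byte length
 * field, then stays silent while keeping the connection open. */
long demo_control_read(size_t sent, int timeout_ms) {
    int sv[2];
    unsigned char hdr[4] = {0, 0, 0, 16}, in[4];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (write(sv[1], hdr, sent) != (ssize_t)sent) return -1;
    long r = read_exact_deadline(sv[0], in, sizeof in, timeout_ms);
    close(sv[0]); close(sv[1]);
    return r;
}
```

On `READ_TIMEOUT` the caller would close the connection and go back to accepting clients.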