Re: maxsockbuf is useless value {?|:-(}
hi, On Mon, Mar 03, 2003 at 09:12:05PM -0500, Garrett Wollman wrote: > > As I stated originally, it's impossible to use 'maxsockbuf' value. > > That does not change the fact that an unprivileged user can use up to > `maxsockbuf' bytes of wired kernel memory per socket. That's why the > limit exists. The amount of memory allocated to socket buffer data > structures is not the same as the amount of user data which can be > stored in the socket buffer. Correct me if I wrong, but looks like since rev 1.102 of uipc_socket2.c "something" changed, and should be fixed in some way. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: maxsockbuf is useless value {?|:-(}
< said: > Wrong. BZZZT! > As I stated originally, it's impossible to use 'maxsockbuf' value. That does not change the fact that an unprivileged user can use up to `maxsockbuf' bytes of wired kernel memory per socket. That's why the limit exists. The amount of memory allocated to socket buffer data structures is not the same as the amount of user data which can be stored in the socket buffer. -GAWollman To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: maxsockbuf is useless value {?|:-(}
hi, On Sun, Mar 02, 2003 at 03:15:37PM -0500, Garrett Wollman wrote: > < said: > > > Seriously, you didn't give any alternative. How does one > > knows the maximum allowed limit? By just blindly trying? > > Ask for however much you think you actually need, and bleat to the > administrator (or limp along) if you don't get it. Keep in mind that > this is a security-sensitive parameter (a user can use up to > `maxsockbuf' bytes of wired kernel memory for each file descriptor he > is allowed to open). Wrong. As I stated originally, it's impossible to use 'maxsockbuf' value. kernel uses another value to check user supplied arguments, and this value is ~4-5% less than maxsockbuf. Therefore attempt to use 'maxsockbuf' as bufsize will fail in 100% of cases. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: maxsockbuf is useless value {?|:-(}
< said: > Seriously, you didn't give any alternative. How does one > knows the maximum allowed limit? By just blindly trying? Ask for however much you think you actually need, and bleat to the administrator (or limp along) if you don't get it. Keep in mind that this is a security-sensitive parameter (a user can use up to `maxsockbuf' bytes of wired kernel memory for each file descriptor he is allowed to open). -GAWollman To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: maxsockbuf is useless value {?|:-(}
On Fri, Feb 28, 2003 at 02:31:10PM -0500, Garrett Wollman wrote:
> < said:
>
> > Working with Sun JDK network code I have realized a need to provide some
> > range checking wrapper for setsockopt() in SO_{SND,RCV}BUF cases. Short
> > walk over documentation shown that maximum buffer size is exported via
> > kern.ipc.maxsockbuf sysctl. But attempt to use this value as maximum
> > buffer size was not successful -- it is too large for kernel.
>
> It is not intended that you do this.
>
So we can just rip it? :-)
Seriously, you didn't give any alternative. How does one
knows the maximum allowed limit? By just blindly trying?
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
pgp0.pgp
Description: PGP signature
maxsockbuf is useless value {?|:-(}
< said:
> Working with Sun JDK network code I have realized a need to provide some
> range checking wrapper for setsockopt() in SO_{SND,RCV}BUF cases. Short
> walk over documentation shown that maximum buffer size is exported via
> kern.ipc.maxsockbuf sysctl. But attempt to use this value as maximum
> buffer size was not successful -- it is too large for kernel.
It is not intended that you do this.
-GAWollman
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
maxsockbuf is useless value {?|:-(}
Folks,
Working with Sun JDK network code I have realized a need to provide some
range checking wrapper for setsockopt() in SO_{SND,RCV}BUF cases. Short
walk over documentation shown that maximum buffer size is exported via
kern.ipc.maxsockbuf sysctl. But attempt to use this value as maximum
buffer size was not successful -- it is too large for kernel.
Short analyzis of kernel code shown that failing checks (around sbreserve())
are done against $sb_max_adj instead of $sb_max which is reflected to sysctl.
$sb_max_adj is always less then $sb_max, therefore we will _always_
fail in attempt to use $sb_max. Testcase is below.
Any suggestions how to workaround this case ? Additionally, I think that
such behaviour is incorrect and should be fixed in kernel as well.
#include
#include
#include
#include
#include
/*
* Demonstrates problem with attempt to set documented (i.e. exported via
* kern.ipc.maxsockbuf sysctl) maximum SO_SNDBUF buffer size.
* Same applied to SO_RCVBUF.
*/
int
main()
{
int mib[3] = { CTL_KERN, KERN_IPC, KIPC_MAXSOCKBUF };
size_t rlen;
int s;
socklen_t sz;
int maxsockbuf;
int status;
rlen = sizeof(maxsockbuf);
if (sysctl(mib, 3, &maxsockbuf, &rlen, NULL, 0) < 0)
perror("sysctl");
printf("kern.ipc.maxsockbuf = %d\n", maxsockbuf);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
perror("socket");
sz = sizeof(maxsockbuf);
status = setsockopt(s, SOL_SOCKET, SO_SNDBUF, &maxsockbuf, sz);
if (status == 0) {
printf("setsockopt: OK\n");
} else if (errno == ENOBUFS) {
printf("setsockopt: KABOOM (ENOBUFS returned)\n");
} else {
perror("getsockopt");
}
}
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
