Hi Vjacheslav,

> I want to discuss serious problem in Kannel WAP gateway.
> It is about blocking connect(). Now any malicious user can
> hang up kannel. It is too simple to do.
> Anyone can send request from WAP phone to host which is configured
> to drop SYN packets.
>
> For example: after simple command (for 10.10.10.10 owners)
> iptables -A INPUT -p tcp -d 10.10.10.10 --destination-port 8081 --syn -j DROP
> any request to http:/10.10.10.10:8081/ will block kannel totally
> (cause http.c blocks in connect()) and other requests will be timed out.

I did get the point, but I still didn't get the scenario that would
cause Kannel to block its operations.

I derived the gwlib/http.c and some other changes to gwlib/conn.c,
socket.c and fdset.c from Netikos version to the patch attached.

Can you please apply the patch against Kannel current cvs tree and try
the test scenario you described? Does it fix the problem?

BTW, the patch is only a first scratch. We need to *cleanly* derive the
non-blocking from Netikos version.

Stipe

[EMAIL PROTECTED]
-------------------------------------------------------------------
Wapme Systems AG

Vogelsanger Weg 80
40470 Düsseldorf

Tel: +49-211-74845-0
Fax: +49-211-74845-299

E-Mail: [EMAIL PROTECTED]
Internet: http://www.wapme-systems.de
-------------------------------------------------------------------
wapme.net - wherever you are

gateway-2002-11-11-noblock.diff.gz
Description: GNU Zip compressed data
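
The non-blocking connect discussed in this thread, as an added example that is not taken from the mail or from the attached patch: the socket is switched to O_NONBLOCK before connect(), and the wait for the handshake is bounded with poll(), so a peer that silently drops SYN packets costs at most the timeout. The name connect_with_timeout and its parameters are hypothetical, not Kannel API.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not a Kannel function: connect to ip:port, waiting at
 * most timeout_ms for the handshake. Returns a connected (still non-blocking)
 * fd, or -1 with errno set; ETIMEDOUT means the SYN was never answered. */
int connect_with_timeout(const char *ip, uint16_t port, int timeout_ms)
{
    struct sockaddr_in addr = {0};
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) {
        errno = EINVAL;
        return -1;
    }
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int err = 0, flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
        err = errno;
    } else if (connect(fd, (struct sockaddr *)&addr, sizeof addr) < 0) {
        if (errno != EINPROGRESS) {
            err = errno;               /* immediate failure, e.g. refused */
        } else {
            /* Handshake in flight: wait for writability, but bounded. */
            struct pollfd pfd = { .fd = fd, .events = POLLOUT };
            socklen_t len = sizeof err;
            int n = poll(&pfd, 1, timeout_ms);
            if (n == 0)
                err = ETIMEDOUT;       /* SYN dropped or peer too slow */
            else if (n < 0)
                err = errno;           /* includes EINTR; caller may retry */
            else if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
                err = errno;           /* otherwise err holds the result */
        }
    }
    if (err) {
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}
```

The calling thread still waits up to timeout_ms per request, so the value should be kept short.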