Hi, On 2015/12/03 1:09, Victor Orlikowski wrote:
> While using Ryu in production at Duke University, we encountered a problem > relating to Datapath objects not being properly cleaned up (and subsequently > leaking sockets). > Since the Datapath objects were not being properly cleaned up, and sockets > could potentially be leaked on each connection attempt, a file descriptor > resource exhaustion situation can occur, which renders Ryu effectively > livelocked. > This resource exhaustion *can* be viewed as a security vulnerability, since > the connections/disconnections can be triggered by sending forged RST packets > to break the control connection between the switch and Ryu. > > We tracked this down in an environment composed of hardware switches provided > by several vendors, and have tested it thoroughly over the past 12 hours. > > I am submitting the patch here; my apologies for initially submitting a > GitHub pull request: > https://github.com/osrg/ryu/pull/43 > > Signed-off-by: Victor J. Orlikowski <[email protected]> Looks nice catch, thanks a lot! You guys use the following in production? https://github.com/vjorlikowski/plexus ------------------------------------------------------------------------------ Go from Idea to Many App Stores Faster with Intel(R) XDK Give your users amazing mobile app experiences with Intel(R) XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs. http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140 _______________________________________________ Ryu-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ryu-devel
