Limit the socket buffer size to 64k for all sessions. Long time ago

setting the size to 64k was increasing the size but now auto-scaling
could grow the buffer size much more. The origianl idea was that sessions
without protection had a small window size to make window attacks
harder. This problem was fixed long time ago and is no longer relevant.
Limiting the buffer size to a reasonable size ensures that not too many
updates end up queued in the TCP stack.
OK benno@ (some time ago)

diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c
index 137fda9..c8debdb 100644 (file)
--- a/usr.sbin/bgpd/session.c
+++ b/usr.sbin/bgpd/session.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: session.c,v 1.443 2023/04/20 12:53:27 claudio Exp $ */
+/*     $OpenBSD: session.c,v 1.444 2023/05/05 07:28:08 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@@ -1189,20 +1189,15 @@ session_setup_socket(struct peer *p)
                return (-1);
        }
 
-       /* only increase bufsize (and thus window) if md5 or ipsec is in use */
-       if (p->conf.auth.method != AUTH_NONE) {
-               /* try to increase bufsize. no biggie if it fails */
-               bsize = 65535;
-               while (bsize > 8192 &&
-                   setsockopt(p->fd, SOL_SOCKET, SO_RCVBUF, &bsize,
-                   sizeof(bsize)) == -1 && errno != EINVAL)
-                       bsize /= 2;
-               bsize = 65535;
-               while (bsize > 8192 &&
-                   setsockopt(p->fd, SOL_SOCKET, SO_SNDBUF, &bsize,
-                   sizeof(bsize)) == -1 && errno != EINVAL)
-                       bsize /= 2;
-       }
+       /* limit bufsize. no biggie if it fails */
+       bsize = 65535;
+       while (bsize > 8192 && setsockopt(p->fd, SOL_SOCKET, SO_RCVBUF,
+           &bsize, sizeof(bsize)) == -1 && errno != EINVAL)
+               bsize /= 2;
+       bsize = 65535;
+       while (bsize > 8192 && setsockopt(p->fd, SOL_SOCKET, SO_SNDBUF,
+           &bsize, sizeof(bsize)) == -1 && errno != EINVAL)
+               bsize /= 2;
 
        return (0);
 }